Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix SonarCloud vulnerabilities #4998

Closed
4 tasks
ewastempel opened this issue Sep 13, 2023 · 0 comments
Closed
4 tasks

Fix SonarCloud vulnerabilities #4998

ewastempel opened this issue Sep 13, 2023 · 0 comments
Assignees
@AafAnsari @Khatraf
Labels
good first issue Good for newcomers security

Comments

@ewastempel
Copy link
Contributor

ewastempel commented Sep 13, 2023
edited
Loading

User Story

New HIGH token-permissions vulnerability was introduced about 3 weeks ago affecting three different workflows,
see the list here: https://github.com/ministryofjustice/modernisation-platform/security/code-scanning.

score is 0: jobLevel 'contents' permission set to 'write'
Remediation tip: Verify which permissions are needed and consider whether you can reduce them.
Click Remediation section below for further remediation help

Fix the issue by narrowing down permissions to only the ones that are needed (see remediation help)

Value

Reducing security risk.

Definition of done

  • readme has been updated
  • user docs have been updated
  • another team member has reviewed
  • tests are green

Reference

How to write good user stories
@ewastempel ewastempel mentioned this issue Sep 13, 2023
Closed
31 tasks
@davidkelliott davidkelliott added the good first issue Good for newcomers label Dec 19, 2023
@Khatraf Khatraf self-assigned this Jan 9, 2024
@ep-93 ep-93 moved this from To Do to In Progress in Modernisation Platform Jan 11, 2024
This was referenced Jan 11, 2024
Merged
Merged
@Khatraf Khatraf mentioned this issue Jan 12, 2024
Merged
4 tasks
@Khatraf Khatraf closed this as completed Jan 15, 2024
@github-project-automation github-project-automation bot moved this from In Progress to Done in Modernisation Platform Jan 15, 2024
@AafAnsari AafAnsari mentioned this issue Feb 5, 2024
Closed
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@AafAnsari AafAnsari

@Khatraf Khatraf

Labels
good first issue Good for newcomers security
Projects
Modernisation Platform
Archived in project
Milestone
No milestone
Development

No branches or pull requests
5 participants
@AafAnsari @davidkelliott @SimonPPledger @ewastempel @Khatraf