diff --git a/checks/evaluation/permissions/gitHubWorkflowPermissionsTopNoWrite.yml b/checks/evaluation/permissions/gitHubWorkflowPermissionsTopNoWrite.yml index 65c89173c92..91b2f117c93 100644 --- a/checks/evaluation/permissions/gitHubWorkflowPermissionsTopNoWrite.yml +++ b/checks/evaluation/permissions/gitHubWorkflowPermissionsTopNoWrite.yml @@ -17,7 +17,7 @@ short: Checks that GitHub workflows do not have default write permissions motivation: > If no permissions are declared, a workflow's GitHub token's permissions default to write for all scopes. This include write permissions to push to the repository, to read encrypted secrets, etc. - For more information, see https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token. + For more information, see https://docs.github.com/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token. implementation: > The rule is implemented by checking whether the `permissions` keyword is defined at the top of the workflow, and that no write permissions are given. diff --git a/probes/toolDependabotInstalled/def.yml b/probes/toolDependabotInstalled/def.yml index e58d6e14194..52da4bd6c39 100644 --- a/probes/toolDependabotInstalled/def.yml +++ b/probes/toolDependabotInstalled/def.yml 
@@ -27,6 +27,6 @@ outcome: remediation: effort: Low text: - - Follow the instructions from https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates. + - Follow the instructions from https://docs.github.com/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates. markdown: - - Follow the instructions from [the official documentation](https://docs.github.com/en/code-security/supply-chain-security/keeping-your-dependencies-updated-automatically/configuration-options-for-dependency-updates). \ No newline at end of file + - Follow the instructions from [the official documentation](https://docs.github.com/code-security/dependabot/dependabot-version-updates/about-dependabot-version-updates). \ No newline at end of file
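Review bot: In checks/evaluation/permissions/gitHubWorkflowPermissionsTopNoWrite.yml, the context line directly above the changed URL reads "This include write permissions", which should be "This includes write permissions". Since this hunk already touches the `motivation` block, fix the grammar in the same change. The URL edit itself only drops the `/en/` locale segment and keeps the `#permissions-for-the-github_token` fragment, so confirm the fragment still resolves to the intended heading after the redirect.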
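Review bot: In probes/toolDependabotInstalled/def.yml, the replacement link is more than a locale cleanup. Both the `text` and `markdown` entries move from `configuration-options-for-dependency-updates` to `about-dependabot-version-updates`, yet the remediation still says "Follow the instructions from". Check that the new page actually carries the setup steps a user needs to pass this probe, or reword the remediation to match what the page offers. The `\ No newline at end of file` marker also appears on both the removed and the added last line, so the file still ends without a trailing newline. Adding one here would keep later diffs of this file clean.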