Open
Description
Hekkos found 1 CI Workflow Fork Restriction configuration issue in this repository.
This is part of the main security audit.
Issue details
- Issue 1: Workflow approval is not required for all external contributors - fork PRs can trigger workflows without approval
Why this matters
CI workflow fork restrictions help prevent untrusted code from forked repositories from executing in your CI environment. Requiring approval ensures that:
- Workflows triggered by fork PRs cannot run until a maintainer approves them
- The risk of malicious code executing in your CI environment is reduced
- Secrets and sensitive operations are protected from untrusted contributors
This is especially important for public repositories, where anyone can fork.
How to fix
- Navigate to Settings > Actions > General
- Under Fork pull request workflows, select Require approval for all outside collaborators
- Review and adjust workflow permissions as needed
Documentation: