CI Workflow Fork Restriction: 1 issue found

Hekkos found **1** CI Workflow Fork Restriction configuration issue in this repository.

<sub>This is part of the main [security audit](../issues/14).</sub>

<details open>
<summary><strong>Issue details</strong></summary>

- **Issue 1**: Workflow approval is not required for all external contributors - fork PRs can trigger workflows without approval

</details>

---

### Why this matters

CI workflow fork restrictions help prevent untrusted code execution from forked repositories. This ensures:
- Workflows from fork PRs cannot run without approval
- Reduces risk of malicious code executing in your CI environment
- Protects secrets and sensitive operations from untrusted contributors
- Important for public repositories where anyone can fork

---

### How to fix

1. Navigate to **Settings** > **Actions** > **General**
2. Under **Fork pull request workflows**, select **Require approval for all outside collaborators**
3. Review and adjust workflow permissions as needed

**Documentation:**
- [Approving workflow runs from public forks](https://docs.github.com/en/actions/managing-workflow-runs/approving-workflow-runs-from-public-forks)
- [Securing GitHub Actions](https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CI Workflow Fork Restriction: 1 issue found #21

Why this matters

How to fix

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

CI Workflow Fork Restriction: 1 issue found #21

Description

Why this matters

How to fix

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions