Skip to content

Commit 7910569

Browse files
mpkorstanjempkorstanje
committed
Don't persist credentials after using actions/checkout
See: https://docs.zizmor.sh/audits/#artipacked
1 parent e5e4a25 commit 7910569

2 files changed

Lines changed: 4 additions & 0 deletions

File tree

.github/workflows/release.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,8 @@ jobs:
1212
contents: write
1313
steps:
1414
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
15+
with:
16+
persist-credentials: false
1517
- uses: cucumber/action-create-github-release@cf2c6f77ba35d2424362e83393a1c4c004cf2ddb # v1.1.1
1618
with:
1719
github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,8 @@ jobs:
1717
environment: Publish to Nexus
1818
steps:
1919
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
20+
with:
21+
persist-credentials: false
2022
- uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654 # v5.2.0
2123
with:
2224
java-version: '17'

0 commit comments

Comments
 (0)