Potential fix for code scanning alert no. 1: Workflow does not contain permissions #205
Conversation
…n permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
|
👋 Hello @glenn-jocher, thank you for submitting an Please review the following checklist to ensure your PR can be merged smoothly:
For further guidance, see our Contributing Guide. If you have any questions or need clarification, feel free to comment here. Thank you for your contribution to Ultralytics! 🚀✨ |
Signed-off-by: Glenn Jocher <glenn.jocher@ultralytics.com>
|
Fantastic work, @glenn-jocher! 🚀 Every step towards stronger security is a step towards a more resilient future. As Benjamin Franklin said, "An ounce of prevention is worth a pound of cure." Your thoughtful update to the domain-checking workflow not only safeguards our documentation process but also sets a high standard for automation best practices in the Ultralytics docs. Thank you for your commitment and attention to detail—your contributions help us build a more secure and reliable ecosystem for everyone! |
Potential fix for https://github.com/ultralytics/docs/security/code-scanning/1
To fix the issue, we need to add a
permissionsblock to the workflow. Since the workflow does not require write access to repository contents or other resources, we can set the permissions tocontents: read, which is the minimal privilege required for most workflows. This block can be added at the root level of the workflow to apply to all jobs, or it can be added to individual jobs if different permissions are needed for each.In this case, adding the
permissionsblock at the root level is the best approach, as it simplifies the configuration and ensures consistent permissions across all jobs.Suggested fixes powered by Copilot Autofix. Review carefully before merging.
🛠️ PR Summary
Made with ❤️ by Ultralytics Actions
🌟 Summary
Improved security for the domain-checking workflow in the Ultralytics docs repository. 🔒
📊 Key Changes
🎯 Purpose & Impact