
Commit

Add remediation for default_workflow_permissions
Fixes: #77
jhrozek committed Apr 22, 2024
1 parent 8663709 commit 8be5eda
Showing 1 changed file with 7 additions and 0 deletions.
7 changes: 7 additions & 0 deletions rule-types/github/default_workflow_permissions.yaml
Expand Up @@ -54,6 +54,13 @@ def:
def: ".can_approve_pull_request_reviews"
profile:
def: ".can_approve_pull_request_reviews"
remediate:
type: rest
rest:
method: PUT
endpoint: "/repos/{{.Entity.Owner}}/{{.Entity.Name}}/actions/permissions/workflow"
body: |
{"default_workflow_permissions": "{{ .Profile.default_workflow_permissions }}", "can_approve_pull_request_reviews": {{ .Profile.can_approve_pull_request_reviews }} }
# Defines the configuration for alerting on the rule
alert:
type: security_advisory
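
Review bot: In the `body` template, `{{ .Profile.can_approve_pull_request_reviews }}` is emitted as a bare value and `{{ .Profile.default_workflow_permissions }}` is placed between quotes without escaping, so the PUT body is valid JSON only when both profile values are present and well-formed. A profile that sets only one of the two would render a body that does not parse, and the remediation would fail at request time rather than at profile validation. Suggest making both parameters required in the rule's profile schema (not visible in this hunk), or building the body so an unset value is omitted instead of rendered. A short comment above `remediate:` would also help, noting that the single PUT overwrites both repository settings at once, including `can_approve_pull_request_reviews`.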
