Naveen S created SPARK-38426: -------------------------------- Summary: Fix the permissions for GitHub workflows Key: SPARK-38426 URL: https://issues.apache.org/jira/browse/SPARK-38426 Project: Spark Issue Type: Bug Components: Build Affects Versions: 3.2.1 Reporter: Naveen S
# The workflow files don't have permission restricted. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions # In some of the workflows, the actions aren't pinned by SHA. https://github.com/ossf/scorecard/blob/main/docs/checks.md#pinned-dependencies -- This message was sent by Atlassian Jira (v8.20.1#820001) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org