oss-fuzz/infra/cifuzz
Joyce 3cbb8c9d6e
Show minimal permission needed for CIFuzz workflow (#10283)
I'm suggesting this change in the CIFuzz example workflow to indicate
the minimal permission needed for the workflow to run and also to follow
the OpenSSF Scorecard Token Permission Check recommendations.

I've tested with
https://github.com/joycebrum/sigstore/actions/runs/4918728701 and the
action ran with success with no permission granted.

The actions/upload-artifact skipped does not need permission to upload
artifacts as can be seen at
https://github.com/joycebrum/sigstore/actions/runs/4928734763

---------

Signed-off-by: Joyce <joycebrum@google.com>
Signed-off-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
Co-authored-by: jonathanmetzman <31354670+jonathanmetzman@users.noreply.github.com>
2023-06-15 17:16:44 -04:00
..
actions Optionally write results as SARIF. (#10182) 2023-04-27 17:00:13 -04:00
cifuzz-base [cifuzz] Install gsutil using pip. (#10159) 2023-04-25 12:20:11 -04:00
external-actions Optionally write results as SARIF. (#10182) 2023-04-27 17:00:13 -04:00
filestore Cifuzz upload fix (#9899) 2023-03-16 11:35:55 -04:00
platform_config cifuzz: gitlab filestore by default on gitlab platform (#7218) 2022-02-01 09:27:02 -05:00
test_data [CIfuzz] Fix SARIF functionality. (#10349) 2023-05-31 09:33:58 -04:00
CHANGELOG [CIFuzz] Fix affected fuzz targets. (#7014) 2021-12-14 15:01:22 -05:00
affected_fuzz_targets.py [CIFuzz] Fix affected fuzz targets. (#7014) 2021-12-14 15:01:22 -05:00
affected_fuzz_targets_test.py Improve sarif (#10211) 2023-05-02 13:14:09 -04:00
base_runner_utils.py infra: allow passing architecture=i386 to CIFuzz (#7779) 2022-06-08 15:15:27 -04:00
build-images.sh [build-images.sh] Improve testing (#6709) 2021-10-31 09:54:39 -04:00
build_fuzzers.py [cifuzz][sarif] Fix repo copying and src reporting (#10230) 2023-05-03 15:01:19 -04:00
build_fuzzers_entrypoint.py Fix diffing on non-GitHub and improve config (#6707) 2021-10-31 20:36:07 -04:00
build_fuzzers_test.py [CFL] Allow users to specify custom env vars for building/running (#9171) 2022-12-12 11:00:19 -05:00
cifuzz_combined_entrypoint.py Fix diffing on non-GitHub and improve config (#6707) 2021-10-31 20:36:07 -04:00
cifuzz_end_to_end_test.py [ClusterFuzzLite] Support GCB and gsutil/gcs as filestore. (#6629) 2021-10-27 10:00:04 -04:00
cloudbuild.yaml Fix typo (#6731) 2021-11-01 15:39:27 -04:00
clusterfuzz_deployment.py WIP: allow running ClusterFuzzLite locally (#9087) 2022-12-14 11:23:15 -05:00
clusterfuzz_deployment_test.py Make a better api for platform specific config. (#6708) 2021-11-01 12:29:38 +00:00
config_utils.py Optionally write results as SARIF. (#10182) 2023-04-27 17:00:13 -04:00
config_utils_test.py Make a better api for platform specific config. (#6708) 2021-11-01 12:29:38 +00:00
continuous_integration.py infra: allow passing architecture=i386 to CIFuzz (#7779) 2022-06-08 15:15:27 -04:00
continuous_integration_test.py [CFL] Give docker images unique names to support parallel fuzzing (#7911) 2022-07-12 15:50:10 +02:00
docker.py [CFL] Give docker images unique names to support parallel fuzzing (#7911) 2022-07-12 15:50:10 +02:00
docker_test.py infra: allow passing architecture=i386 to CIFuzz (#7779) 2022-06-08 15:15:27 -04:00
environment.py
example_cifuzz.yml Show minimal permission needed for CIFuzz workflow (#10283) 2023-06-15 17:16:44 -04:00
filestore_utils.py [ClusterFuzzLite] Support local runs (#6987) 2022-01-19 17:24:47 -05:00
filestore_utils_test.py Make a better api for platform specific config. (#6708) 2021-11-01 12:29:38 +00:00
fuzz_target.py Improve sarif (#10211) 2023-05-02 13:14:09 -04:00
fuzz_target_test.py [cifuzz] Fix timeout in reproduce. (#6982) 2021-12-14 11:32:18 -05:00
generate_coverage_report.py
generate_coverage_report_test.py [infra][tests][NFC] Change mocked function prefix from "mocked_" to "mock_" (#6198) 2021-08-12 11:25:57 -07:00
get_coverage.py Fuzz OSS-Fuzz with Atheris and ClusterFuzzLite (#8985) 2022-11-30 15:37:36 -05:00
get_coverage_test.py Fuzz OSS-Fuzz with Atheris and ClusterFuzzLite (#8985) 2022-11-30 15:37:36 -05:00
http_utils.py [cifuzz] Add timeout to http requests. (#9084) 2022-11-29 08:32:27 -05:00
http_utils_test.py [infra][tests][NFC] Change mocked function prefix from "mocked_" to "mock_" (#6198) 2021-08-12 11:25:57 -07:00
logs.py cifuzz: set log level to info by default. (#6604) 2021-10-26 02:18:17 +00:00
package-lock.json [cifuzz] Upgrade artifact package (#9347) 2023-01-03 16:35:21 -05:00
package.json [cifuzz] Upgrade artifact package (#9347) 2023-01-03 16:35:21 -05:00
requirements.txt [cifuzz] Install gsutil using pip. (#10159) 2023-04-25 12:20:11 -04:00
run_cifuzz.py [ClusterFuzzLite] Support GCB and gsutil/gcs as filestore. (#6629) 2021-10-27 10:00:04 -04:00
run_fuzzers.py [cifuzz] Fix sarif upload (#10217) 2023-05-03 08:01:40 -04:00
run_fuzzers_entrypoint.py Prepare for JavaScript fuzzing (#8325) 2022-08-23 17:41:42 -04:00
run_fuzzers_test.py [infra] Temporarily skip failing test. (#7323) 2022-03-02 09:07:12 -05:00
sarif_utils.py [CIfuzz] Fix SARIF functionality. (#10349) 2023-05-31 09:33:58 -04:00
sarif_utils_test.py [CIfuzz] Fix SARIF functionality. (#10349) 2023-05-31 09:33:58 -04:00
test_helpers.py Make a better api for platform specific config. (#6708) 2021-11-01 12:29:38 +00:00
workspace_utils.py [cifuzz][sarif] Fix repo copying and src reporting (#10230) 2023-05-03 15:01:19 -04:00