vrr/open-notebook
2
0
Fork 0
mirror of https://github.com/lfnovo/open-notebook.git synced 2026-05-01 21:00:43 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
open-notebook/.github/workflows
History
LUIS NOVO 21b6809277 security: add persist-credentials false to checkout step 
Prevent GITHUB_TOKEN from being stored in .git/config when
checking out PR code in pull_request_target workflows. This
is a security best practice to prevent untrusted code from
potentially accessing stored credentials.

While the Claude Code action doesn't execute arbitrary PR code,
this follows defense-in-depth security principles to minimize
attack surface when handling untrusted code from forks.
2026-01-13 18:47:36 -03:00
..
build-and-release.yml fix: yaml.github-actions.security.run-shell-injection.run-shell-injection-.github-workflows-build-and-release.yml (#181) 2025-10-20 05:30:09 -03:00
build-dev.yml ci: remove single-container build from dev workflow 2026-01-09 20:53:32 -03:00
claude-code-review.yml security: add persist-credentials false to checkout step 2026-01-13 18:47:36 -03:00
claude.yml "Update Claude PR Assistant workflow" 2026-01-09 20:04:42 -03:00