How do I harden GitHub permissions?

Use explicit least-privilege permissions and avoid unnecessary secret scope.

knowledge-base
github
permissions

Use explicit least-privilege permissions and avoid unnecessary secret scope.

Recommended Actions

set minimal permissions block
prefer OIDC where possible

Why this matters

Over-privileged workflows increase supply-chain risk.

Structured Answers

How do I harden GitHub permissions?

Use explicit least-privilege permissions and avoid unnecessary secret scope.

What is the first recommended action for How do I harden GitHub permissions?

set minimal permissions block