I wanted to use anchore/sbom-action with the dependency-snapshot option but since I always use permissions: read-all (related docs) this didn't work immediately. Instead, the action failed (silently) with the error:
From my testing, the required permissions for the dependency-snapshot option are:
permissions:
  contents: write
I haven't tried out all other features, but based on their description I think anchore/sbom-action/publish-sbom would need the same permissions to be able to upload the SBOM to a GitHub Release.
I think it would be nice to have the minimum required permissions documented to allow users to easily use the minimum required permissions needed and follow the principle of least privilege.
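An added example, not part of the original issue or the project's documentation: a workflow that keeps `read-all` as the workflow-wide default and grants the write permission reported above only to the job that runs the action. The workflow name, trigger, job name and action version tags are assumptions.

```yaml
# Constructed example workflow; name, trigger and job id are assumptions.
name: sbom
on:
  push:
    branches: [main]

# Workflow-wide default: every job gets a read-only GITHUB_TOKEN.
permissions: read-all

jobs:
  sbom:
    runs-on: ubuntu-latest
    # A job-level permissions block replaces the workflow-level default
    # for this job only. Scopes not listed here are set to "none", so
    # nothing beyond repository contents is granted to the token.
    permissions:
      contents: write   # reported in the issue as required for dependency-snapshot
    steps:
      # contents: write includes read access, so checkout still works.
      - uses: actions/checkout@v4
      - uses: anchore/sbom-action@v0
        with:
          dependency-snapshot: true

  # Any other job in this workflow keeps the read-only default.
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
```

Scoping the grant to the one job keeps the write-capable token away from unrelated steps that run in other jobs of the same workflow.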