[ https://issues.apache.org/jira/browse/AVRO-4233?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ryan Skraba updated AVRO-4233:
------------------------------
Description:
Some guidelines from Infra:
* https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=321719166#GitHubActionsSecurity-Buildstriggeredwithpull_request_target
* https://infra.apache.org/github-actions-policy.html
One priority action would be to remove the explicit GITHUB_TOKEN from the
labeler.yml
was:
Some guidelines from Infra:
* https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=321719166#GitHubActionsSecurity-Buildstriggeredwithpull_request_target
* https://infra.apache.org/github-actions-policy.html
> Add CodeQL for actions
> ----------------------
>
> Key: AVRO-4233
> URL: https://issues.apache.org/jira/browse/AVRO-4233
> Project: Apache Avro
> Issue Type: Task
> Components: build
> Reporter: Ryan Skraba
> Priority: Major
>
> Some guidelines from Infra:
> * https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=321719166#GitHubActionsSecurity-Buildstriggeredwithpull_request_target
> * https://infra.apache.org/github-actions-policy.html
> One priority action would be to remove the explicit GITHUB_TOKEN from the
> labeler.yml
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
