Ensure top-level permissions are not set to write-all

Description

This policy checks whether the top-level `permissions` key of a GitHub Actions workflow is set to `write-all`, which could allow unauthorized access or modifications. Permissions should be restricted to the least privilege necessary to maintain the security and integrity of the system. Ensuring that top-level permissions are not set to `write-all` helps prevent potential security vulnerabilities and data breaches. This rule falls under the IAM category, focusing on identity and access management best practices.

Code Example

```yaml
# Compliant: grant the workflow token only the scopes it needs, never write-all
permissions:
  contents: read
```

Remediation

Update the top-level permissions to a more restrictive setting, such as read-only, or grant specific scopes only to the jobs that need them.
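As an added example (not Checkov's implementation of CKV2_GHA_1; it assumes only the Python standard library), the following line-based check reports whether a workflow's top-level `permissions` key is `write-all`, run over two constructed workflow fragments: the weak setting and a least-privilege one that raises access only at the job level.

```python
import re

# Added example, not Checkov's code: line-based check of the top-level `permissions` key.
TOP_LEVEL = re.compile(r"^permissions:\s*(?P<value>.*?)\s*(#.*)?$")   # unindented key only
SCOPE = re.compile(r"^\s+(?P<scope>[a-z-]+):\s*(?P<level>read|write|none)\s*(#.*)?$")

def top_level_permissions(workflow_text):
    """Return 'write-all', 'read-all', a {scope: level} dict, or None when the key is absent."""
    lines = workflow_text.splitlines()
    for i, line in enumerate(lines):
        m = TOP_LEVEL.match(line)
        if not m:
            continue
        value = m.group("value")
        if value in ("write-all", "read-all"):
            return value
        scopes = {}                      # mapping form: collect the indented scope lines
        for nxt in lines[i + 1:]:
            s = SCOPE.match(nxt)
            if not s:
                break
            scopes[s.group("scope")] = s.group("level")
        return scopes
    return None                          # absent: the repository default applies

def check_workflow(workflow_text):
    """Return (passed, reason) for the IAC-1031 / CKV2_GHA_1 condition."""
    perms = top_level_permissions(workflow_text)
    if perms == "write-all":
        return False, "top-level permissions is write-all: every job gets write on every scope"
    if isinstance(perms, dict):
        writes = sorted(k for k, v in perms.items() if v == "write")
        return True, "explicit scopes; write only on: " + (", ".join(writes) or "nothing")
    return True, f"top-level permissions is {perms}; set it explicitly if None"

# Constructed sample workflow fragments, not taken from any real repository.
WEAK_WORKFLOW = """\
permissions: write-all   # fails the policy
jobs:
  build: {runs-on: ubuntu-latest}
"""
HARDENED_WORKFLOW = """\
permissions:             # least privilege at the top level
  contents: read
jobs:
  release:
    runs-on: ubuntu-latest
    permissions: {contents: write}   # job-level override: only what this job needs
"""
```

A job-level `permissions:` line is indented, so it never matches the top-level pattern; the check deliberately reports only the condition this rule describes.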

Rule Details

| Field | Value |
| --- | --- |
| ID | IAC-1031 |
| Severity | MEDIUM |
| IaC Type | github_actions |
| Frameworks | permissions |
| Checkov ID | CKV2_GHA_1 |

References