eslint-plugin-github-actions-2 1.0.4 → 1.0.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (213) hide show
  1. package/README.md +127 -127
  2. package/dist/_internal/github-actions-config-references.js +1 -1
  3. package/dist/_internal/github-actions-config-references.js.map +1 -1
  4. package/dist/_internal/rule-docs.d.ts +1 -1
  5. package/dist/_internal/rule-docs.d.ts.map +1 -1
  6. package/dist/_internal/workflow-permissions.d.ts +2 -0
  7. package/dist/_internal/workflow-permissions.d.ts.map +1 -1
  8. package/dist/_internal/workflow-permissions.js +54 -7
  9. package/dist/_internal/workflow-permissions.js.map +1 -1
  10. package/dist/plugin.cjs +247 -22
  11. package/dist/plugin.cjs.map +2 -2
  12. package/dist/plugin.d.ts.map +1 -1
  13. package/dist/plugin.js +1 -1
  14. package/dist/plugin.js.map +1 -1
  15. package/dist/rules/action-name-casing.d.ts.map +1 -1
  16. package/dist/rules/action-name-casing.js +4 -0
  17. package/dist/rules/action-name-casing.js.map +1 -1
  18. package/dist/rules/job-id-casing.d.ts.map +1 -1
  19. package/dist/rules/job-id-casing.js +4 -0
  20. package/dist/rules/job-id-casing.js.map +1 -1
  21. package/dist/rules/max-jobs-per-action.d.ts.map +1 -1
  22. package/dist/rules/max-jobs-per-action.js +4 -0
  23. package/dist/rules/max-jobs-per-action.js.map +1 -1
  24. package/dist/rules/no-codeql-autobuild-for-javascript-typescript.d.ts.map +1 -1
  25. package/dist/rules/no-codeql-autobuild-for-javascript-typescript.js +4 -0
  26. package/dist/rules/no-codeql-autobuild-for-javascript-typescript.js.map +1 -1
  27. package/dist/rules/no-codeql-javascript-typescript-split-language-matrix.d.ts.map +1 -1
  28. package/dist/rules/no-codeql-javascript-typescript-split-language-matrix.js +4 -0
  29. package/dist/rules/no-codeql-javascript-typescript-split-language-matrix.js.map +1 -1
  30. package/dist/rules/no-external-job.d.ts.map +1 -1
  31. package/dist/rules/no-external-job.js +4 -0
  32. package/dist/rules/no-external-job.js.map +1 -1
  33. package/dist/rules/no-inherit-secrets.d.ts.map +1 -1
  34. package/dist/rules/no-inherit-secrets.js +4 -0
  35. package/dist/rules/no-inherit-secrets.js.map +1 -1
  36. package/dist/rules/no-invalid-concurrency-context.d.ts.map +1 -1
  37. package/dist/rules/no-invalid-concurrency-context.js +4 -0
  38. package/dist/rules/no-invalid-concurrency-context.js.map +1 -1
  39. package/dist/rules/no-invalid-reusable-workflow-job-key.d.ts.map +1 -1
  40. package/dist/rules/no-invalid-reusable-workflow-job-key.js +4 -0
  41. package/dist/rules/no-invalid-reusable-workflow-job-key.js.map +1 -1
  42. package/dist/rules/no-invalid-workflow-call-output-value.d.ts.map +1 -1
  43. package/dist/rules/no-invalid-workflow-call-output-value.js +4 -0
  44. package/dist/rules/no-invalid-workflow-call-output-value.js.map +1 -1
  45. package/dist/rules/no-pr-head-checkout-in-pull-request-target.d.ts.map +1 -1
  46. package/dist/rules/no-pr-head-checkout-in-pull-request-target.js +4 -0
  47. package/dist/rules/no-pr-head-checkout-in-pull-request-target.js.map +1 -1
  48. package/dist/rules/no-secrets-in-if.d.ts.map +1 -1
  49. package/dist/rules/no-secrets-in-if.js +4 -0
  50. package/dist/rules/no-secrets-in-if.js.map +1 -1
  51. package/dist/rules/no-self-hosted-runner-on-fork-pr-events.d.ts.map +1 -1
  52. package/dist/rules/no-self-hosted-runner-on-fork-pr-events.js +4 -0
  53. package/dist/rules/no-self-hosted-runner-on-fork-pr-events.js.map +1 -1
  54. package/dist/rules/no-top-level-env.d.ts.map +1 -1
  55. package/dist/rules/no-top-level-env.js +4 -0
  56. package/dist/rules/no-top-level-env.js.map +1 -1
  57. package/dist/rules/no-top-level-permissions.d.ts.map +1 -1
  58. package/dist/rules/no-top-level-permissions.js +4 -1
  59. package/dist/rules/no-top-level-permissions.js.map +1 -1
  60. package/dist/rules/no-unknown-job-output-reference.d.ts.map +1 -1
  61. package/dist/rules/no-unknown-job-output-reference.js +4 -0
  62. package/dist/rules/no-unknown-job-output-reference.js.map +1 -1
  63. package/dist/rules/no-unknown-step-reference.d.ts.map +1 -1
  64. package/dist/rules/no-unknown-step-reference.js +4 -0
  65. package/dist/rules/no-unknown-step-reference.js.map +1 -1
  66. package/dist/rules/no-untrusted-input-in-run.d.ts.map +1 -1
  67. package/dist/rules/no-untrusted-input-in-run.js +4 -0
  68. package/dist/rules/no-untrusted-input-in-run.js.map +1 -1
  69. package/dist/rules/no-write-all-permissions.d.ts.map +1 -1
  70. package/dist/rules/no-write-all-permissions.js +4 -0
  71. package/dist/rules/no-write-all-permissions.js.map +1 -1
  72. package/dist/rules/pin-action-shas.d.ts.map +1 -1
  73. package/dist/rules/pin-action-shas.js +4 -0
  74. package/dist/rules/pin-action-shas.js.map +1 -1
  75. package/dist/rules/prefer-fail-fast.d.ts.map +1 -1
  76. package/dist/rules/prefer-fail-fast.js +4 -0
  77. package/dist/rules/prefer-fail-fast.js.map +1 -1
  78. package/dist/rules/prefer-file-extension.d.ts.map +1 -1
  79. package/dist/rules/prefer-file-extension.js +4 -0
  80. package/dist/rules/prefer-file-extension.js.map +1 -1
  81. package/dist/rules/prefer-inputs-context.d.ts.map +1 -1
  82. package/dist/rules/prefer-inputs-context.js +4 -0
  83. package/dist/rules/prefer-inputs-context.js.map +1 -1
  84. package/dist/rules/prefer-step-uses-style.d.ts.map +1 -1
  85. package/dist/rules/prefer-step-uses-style.js +4 -0
  86. package/dist/rules/prefer-step-uses-style.js.map +1 -1
  87. package/dist/rules/require-checkout-before-local-action.d.ts.map +1 -1
  88. package/dist/rules/require-checkout-before-local-action.js +4 -0
  89. package/dist/rules/require-checkout-before-local-action.js.map +1 -1
  90. package/dist/rules/require-codeql-actions-read.d.ts.map +1 -1
  91. package/dist/rules/require-codeql-actions-read.js +4 -0
  92. package/dist/rules/require-codeql-actions-read.js.map +1 -1
  93. package/dist/rules/require-codeql-branch-filters.d.ts.map +1 -1
  94. package/dist/rules/require-codeql-branch-filters.js +4 -0
  95. package/dist/rules/require-codeql-branch-filters.js.map +1 -1
  96. package/dist/rules/require-codeql-category-when-language-matrix.d.ts.map +1 -1
  97. package/dist/rules/require-codeql-category-when-language-matrix.js +4 -0
  98. package/dist/rules/require-codeql-category-when-language-matrix.js.map +1 -1
  99. package/dist/rules/require-codeql-pull-request-trigger.d.ts.map +1 -1
  100. package/dist/rules/require-codeql-pull-request-trigger.js +4 -0
  101. package/dist/rules/require-codeql-pull-request-trigger.js.map +1 -1
  102. package/dist/rules/require-codeql-schedule.d.ts.map +1 -1
  103. package/dist/rules/require-codeql-schedule.js +4 -0
  104. package/dist/rules/require-codeql-schedule.js.map +1 -1
  105. package/dist/rules/require-codeql-security-events-write.d.ts.map +1 -1
  106. package/dist/rules/require-codeql-security-events-write.js +4 -0
  107. package/dist/rules/require-codeql-security-events-write.js.map +1 -1
  108. package/dist/rules/require-dependabot-automation-permissions.d.ts.map +1 -1
  109. package/dist/rules/require-dependabot-automation-permissions.js +4 -0
  110. package/dist/rules/require-dependabot-automation-permissions.js.map +1 -1
  111. package/dist/rules/require-dependabot-automation-pull-request-trigger.d.ts.map +1 -1
  112. package/dist/rules/require-dependabot-automation-pull-request-trigger.js +4 -0
  113. package/dist/rules/require-dependabot-automation-pull-request-trigger.js.map +1 -1
  114. package/dist/rules/require-dependabot-bot-actor-guard.d.ts.map +1 -1
  115. package/dist/rules/require-dependabot-bot-actor-guard.js +4 -0
  116. package/dist/rules/require-dependabot-bot-actor-guard.js.map +1 -1
  117. package/dist/rules/require-dependency-review-fail-on-severity.d.ts.map +1 -1
  118. package/dist/rules/require-dependency-review-fail-on-severity.js +4 -0
  119. package/dist/rules/require-dependency-review-fail-on-severity.js.map +1 -1
  120. package/dist/rules/require-dependency-review-permissions-contents-read.d.ts.map +1 -1
  121. package/dist/rules/require-dependency-review-permissions-contents-read.js +23 -18
  122. package/dist/rules/require-dependency-review-permissions-contents-read.js.map +1 -1
  123. package/dist/rules/require-dependency-review-pull-request-trigger.d.ts.map +1 -1
  124. package/dist/rules/require-dependency-review-pull-request-trigger.js +4 -0
  125. package/dist/rules/require-dependency-review-pull-request-trigger.js.map +1 -1
  126. package/dist/rules/require-fetch-metadata-github-token.d.ts.map +1 -1
  127. package/dist/rules/require-fetch-metadata-github-token.js +4 -0
  128. package/dist/rules/require-fetch-metadata-github-token.js.map +1 -1
  129. package/dist/rules/require-job-name.d.ts.map +1 -1
  130. package/dist/rules/require-job-name.js +4 -0
  131. package/dist/rules/require-job-name.js.map +1 -1
  132. package/dist/rules/require-job-step-name.d.ts.map +1 -1
  133. package/dist/rules/require-job-step-name.js +4 -0
  134. package/dist/rules/require-job-step-name.js.map +1 -1
  135. package/dist/rules/require-job-timeout-minutes.d.ts.map +1 -1
  136. package/dist/rules/require-job-timeout-minutes.js +4 -0
  137. package/dist/rules/require-job-timeout-minutes.js.map +1 -1
  138. package/dist/rules/require-merge-group-trigger.d.ts.map +1 -1
  139. package/dist/rules/require-merge-group-trigger.js +4 -0
  140. package/dist/rules/require-merge-group-trigger.js.map +1 -1
  141. package/dist/rules/require-pull-request-target-branches.d.ts.map +1 -1
  142. package/dist/rules/require-pull-request-target-branches.js +4 -0
  143. package/dist/rules/require-pull-request-target-branches.js.map +1 -1
  144. package/dist/rules/require-run-step-shell.d.ts.map +1 -1
  145. package/dist/rules/require-run-step-shell.js +4 -0
  146. package/dist/rules/require-run-step-shell.js.map +1 -1
  147. package/dist/rules/require-sarif-upload-security-events-write.d.ts.map +1 -1
  148. package/dist/rules/require-sarif-upload-security-events-write.js +4 -0
  149. package/dist/rules/require-sarif-upload-security-events-write.js.map +1 -1
  150. package/dist/rules/require-scorecard-results-format-sarif.d.ts.map +1 -1
  151. package/dist/rules/require-scorecard-results-format-sarif.js +4 -0
  152. package/dist/rules/require-scorecard-results-format-sarif.js.map +1 -1
  153. package/dist/rules/require-scorecard-upload-sarif-step.d.ts.map +1 -1
  154. package/dist/rules/require-scorecard-upload-sarif-step.js +4 -0
  155. package/dist/rules/require-scorecard-upload-sarif-step.js.map +1 -1
  156. package/dist/rules/require-secret-scan-contents-read.d.ts.map +1 -1
  157. package/dist/rules/require-secret-scan-contents-read.js +7 -3
  158. package/dist/rules/require-secret-scan-contents-read.js.map +1 -1
  159. package/dist/rules/require-secret-scan-fetch-depth-zero.d.ts.map +1 -1
  160. package/dist/rules/require-secret-scan-fetch-depth-zero.js +4 -0
  161. package/dist/rules/require-secret-scan-fetch-depth-zero.js.map +1 -1
  162. package/dist/rules/require-secret-scan-schedule.d.ts.map +1 -1
  163. package/dist/rules/require-secret-scan-schedule.js +4 -0
  164. package/dist/rules/require-secret-scan-schedule.js.map +1 -1
  165. package/dist/rules/require-trigger-types.d.ts.map +1 -1
  166. package/dist/rules/require-trigger-types.js +4 -0
  167. package/dist/rules/require-trigger-types.js.map +1 -1
  168. package/dist/rules/require-trufflehog-verified-results-mode.d.ts.map +1 -1
  169. package/dist/rules/require-trufflehog-verified-results-mode.js +4 -0
  170. package/dist/rules/require-trufflehog-verified-results-mode.js.map +1 -1
  171. package/dist/rules/require-workflow-call-input-type.d.ts.map +1 -1
  172. package/dist/rules/require-workflow-call-input-type.js +4 -0
  173. package/dist/rules/require-workflow-call-input-type.js.map +1 -1
  174. package/dist/rules/require-workflow-call-output-value.d.ts.map +1 -1
  175. package/dist/rules/require-workflow-call-output-value.js +4 -0
  176. package/dist/rules/require-workflow-call-output-value.js.map +1 -1
  177. package/dist/rules/require-workflow-concurrency.d.ts.map +1 -1
  178. package/dist/rules/require-workflow-concurrency.js +4 -0
  179. package/dist/rules/require-workflow-concurrency.js.map +1 -1
  180. package/dist/rules/require-workflow-dispatch-input-type.d.ts.map +1 -1
  181. package/dist/rules/require-workflow-dispatch-input-type.js +4 -0
  182. package/dist/rules/require-workflow-dispatch-input-type.js.map +1 -1
  183. package/dist/rules/require-workflow-interface-description.d.ts.map +1 -1
  184. package/dist/rules/require-workflow-interface-description.js +4 -0
  185. package/dist/rules/require-workflow-interface-description.js.map +1 -1
  186. package/dist/rules/require-workflow-run-branches.d.ts.map +1 -1
  187. package/dist/rules/require-workflow-run-branches.js +4 -0
  188. package/dist/rules/require-workflow-run-branches.js.map +1 -1
  189. package/dist/rules/valid-timeout-minutes.d.ts.map +1 -1
  190. package/dist/rules/valid-timeout-minutes.js +4 -0
  191. package/dist/rules/valid-timeout-minutes.js.map +1 -1
  192. package/dist/rules/valid-trigger-events.d.ts.map +1 -1
  193. package/dist/rules/valid-trigger-events.js +4 -0
  194. package/dist/rules/valid-trigger-events.js.map +1 -1
  195. package/docs/rules/guides/authoring-rules.md +34 -0
  196. package/docs/rules/guides/docs-authoring.md +34 -0
  197. package/docs/rules/guides/index.md +15 -0
  198. package/docs/rules/guides/testing-rules.md +34 -0
  199. package/docs/rules/no-top-level-permissions.md +4 -4
  200. package/docs/rules/presets/action-metadata.md +8 -8
  201. package/docs/rules/presets/all.md +123 -124
  202. package/docs/rules/presets/code-scanning.md +8 -8
  203. package/docs/rules/presets/dependabot.md +8 -8
  204. package/docs/rules/presets/index.md +119 -123
  205. package/docs/rules/presets/recommended.md +8 -8
  206. package/docs/rules/presets/security.md +8 -8
  207. package/docs/rules/presets/strict.md +8 -8
  208. package/docs/rules/presets/workflow-template-properties.md +8 -8
  209. package/docs/rules/presets/workflow-templates.md +8 -8
  210. package/docs/rules/require-dependency-review-permissions-contents-read.md +15 -4
  211. package/docs/rules/require-secret-scan-contents-read.md +10 -2
  212. package/docs/rules/require-workflow-permissions.md +4 -4
  213. package/package.json +1 -1
package/docs/rules/presets/index.md CHANGED
@@ -16,10 +16,7 @@ The plugin exports nine flat-config presets:
16
16
  - [`githubActions.configs.strict`](./strict.md)
17
17
  - [`githubActions.configs.all`](./all.md)
18
18
 
19
- These presets cover workflow YAML, action metadata (`action.yml` / `action.yaml`),
20
- repository Dependabot configuration (`.github/dependabot.yml`), and workflow
21
- template package files (`workflow-templates/*.yml`, `*.yaml`, and
22
- `*.properties.json`).
19
+ These presets cover workflow YAML, action metadata (`action.yml` / `action.yaml`), repository Dependabot configuration (`.github/dependabot.yml`), and workflow template package files (`workflow-templates/*.yml`, `*.yaml`, and `*.properties.json`).
23
20
 
24
21
  ## How to choose
25
22
 
@@ -27,11 +24,10 @@ template package files (`workflow-templates/*.yml`, `*.yaml`, and
27
24
  - Layer **security** for stronger supply-chain and permissions-focused checks.
28
25
  - Use **codeScanning** for CodeQL, dependency review, SARIF upload, and related code-scanning workflows.
29
26
  - Use **strict** when you want high signal on operational consistency.
30
- - Use **all** for complete rule coverage (best for internal policy repos).
27
+ - Use **all** for complete bundled rule coverage (best for internal policy repos), and layer opt-in policy rules manually when your standards require them.
31
28
  - Use **dependabot** when you want a dedicated policy surface for dependency update automation.
32
29
 
33
- Then review [getting started](../getting-started.md) and the full
34
- [rule reference](../overview.md).
30
+ Then review [getting started](../getting-started.md) and the full [rule reference](../overview.md).
35
31
 
36
32
  ## Rule Matrix
37
33
 
@@ -53,119 +49,119 @@ Preset key legend:
53
49
  - [🔴](./strict.md) — [`githubActions.configs.strict`](./strict.md)
54
50
  - [🟣](./all.md) — [`githubActions.configs.all`](./all.md)
55
51
 
56
- | Rule | Fix | Preset key |
57
- | --- | :-: | --- |
58
- | <span class="sb-inline-rule-number">R009</span> [`action-name-casing`](../action-name-casing.md) | 🔧 | [🟣](./all.md) [🔴](./strict.md) |
59
- | <span class="sb-inline-rule-number">R010</span> [`job-id-casing`](../job-id-casing.md) | | [🟣](./all.md) [🔴](./strict.md) |
60
- | <span class="sb-inline-rule-number">R011</span> [`max-jobs-per-action`](../max-jobs-per-action.md) | | [🟣](./all.md) [🔴](./strict.md) |
61
- | <span class="sb-inline-rule-number">R048</span> [`no-case-insensitive-input-id-collision`](../no-case-insensitive-input-id-collision.md) | | [🧩](./action-metadata.md) [🟣](./all.md) |
62
- | <span class="sb-inline-rule-number">R097</span> [`no-codeql-autobuild-for-javascript-typescript`](../no-codeql-autobuild-for-javascript-typescript.md) | | [🟣](./all.md) [🔎](./code-scanning.md) |
63
- | <span class="sb-inline-rule-number">R096</span> [`no-codeql-javascript-typescript-split-language-matrix`](../no-codeql-javascript-typescript-split-language-matrix.md) | | [🟣](./all.md) [🔎](./code-scanning.md) |
64
- | <span class="sb-inline-rule-number">R049</span> [`no-composite-input-env-access`](../no-composite-input-env-access.md) | | [🧩](./action-metadata.md) [🟣](./all.md) |
65
- | <span class="sb-inline-rule-number">R044</span> [`no-deprecated-node-runtime`](../no-deprecated-node-runtime.md) | | [🧩](./action-metadata.md) [🟣](./all.md) |
66
- | <span class="sb-inline-rule-number">R051</span> [`no-duplicate-composite-step-id`](../no-duplicate-composite-step-id.md) | | [🧩](./action-metadata.md) [🟣](./all.md) |
67
- | <span class="sb-inline-rule-number">R060</span> [`no-empty-template-file-pattern`](../no-empty-template-file-pattern.md) | 🔧 | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
68
- | <span class="sb-inline-rule-number">R012</span> [`no-external-job`](../no-external-job.md) | | [🟣](./all.md) [🔴](./strict.md) |
69
- | <span class="sb-inline-rule-number">R068</span> [`no-hardcoded-default-branch-in-template`](../no-hardcoded-default-branch-in-template.md) | | [🧱](./workflow-templates.md) [🟣](./all.md) |
70
- | <span class="sb-inline-rule-number">R063</span> [`no-icon-file-extension-in-template-icon-name`](../no-icon-file-extension-in-template-icon-name.md) | 🔧 | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
71
- | <span class="sb-inline-rule-number">R026</span> [`no-inherit-secrets`](../no-inherit-secrets.md) | | [🟣](./all.md) [🛡️](./security.md) [🔴](./strict.md) |
72
- | <span class="sb-inline-rule-number">R042</span> [`no-invalid-concurrency-context`](../no-invalid-concurrency-context.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
73
- | <span class="sb-inline-rule-number">R019</span> [`no-invalid-key`](../no-invalid-key.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
74
- | <span class="sb-inline-rule-number">R041</span> [`no-invalid-reusable-workflow-job-key`](../no-invalid-reusable-workflow-job-key.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
75
- | <span class="sb-inline-rule-number">R059</span> [`no-invalid-template-file-pattern-regex`](../no-invalid-template-file-pattern-regex.md) | | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
76
- | <span class="sb-inline-rule-number">R040</span> [`no-invalid-workflow-call-output-value`](../no-invalid-workflow-call-output-value.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
77
- | <span class="sb-inline-rule-number">R095</span> [`no-overlapping-dependabot-directories`](../no-overlapping-dependabot-directories.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
78
- | <span class="sb-inline-rule-number">R064</span> [`no-path-separators-in-template-icon-name`](../no-path-separators-in-template-icon-name.md) | 💡 | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
79
- | <span class="sb-inline-rule-number">R046</span> [`no-post-if-without-post`](../no-post-if-without-post.md) | 🔧 | [🧩](./action-metadata.md) [🟣](./all.md) |
80
- | <span class="sb-inline-rule-number">R030</span> [`no-pr-head-checkout-in-pull-request-target`](../no-pr-head-checkout-in-pull-request-target.md) | | [🟣](./all.md) [🛡️](./security.md) [🔴](./strict.md) |
81
- | <span class="sb-inline-rule-number">R045</span> [`no-pre-if-without-pre`](../no-pre-if-without-pre.md) | 🔧 | [🧩](./action-metadata.md) [🟣](./all.md) |
82
- | <span class="sb-inline-rule-number">R047</span> [`no-required-input-with-default`](../no-required-input-with-default.md) | 💡 | [🧩](./action-metadata.md) [🟣](./all.md) |
83
- | <span class="sb-inline-rule-number">R027</span> [`no-secrets-in-if`](../no-secrets-in-if.md) | | [🟣](./all.md) [🟡](./recommended.md) [🛡️](./security.md) [🔴](./strict.md) |
84
- | <span class="sb-inline-rule-number">R036</span> [`no-self-hosted-runner-on-fork-pr-events`](../no-self-hosted-runner-on-fork-pr-events.md) | | [🟣](./all.md) [🛡️](./security.md) [🔴](./strict.md) |
85
- | <span class="sb-inline-rule-number">R062</span> [`no-subdirectory-template-file-pattern`](../no-subdirectory-template-file-pattern.md) | | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
86
- | <span class="sb-inline-rule-number">R069</span> [`no-template-placeholder-in-non-template-workflow`](../no-template-placeholder-in-non-template-workflow.md) | | [🟡](./recommended.md) [🔴](./strict.md) [🟣](./all.md) |
87
- | <span class="sb-inline-rule-number">R013</span> [`no-top-level-env`](../no-top-level-env.md) | | [🟣](./all.md) [🔴](./strict.md) |
88
- | <span class="sb-inline-rule-number">R014</span> [`no-top-level-permissions`](../no-top-level-permissions.md) | | [🟣](./all.md) |
89
- | <span class="sb-inline-rule-number">R061</span> [`no-universal-template-file-pattern`](../no-universal-template-file-pattern.md) | | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
90
- | <span class="sb-inline-rule-number">R081</span> [`no-unknown-dependabot-multi-ecosystem-group`](../no-unknown-dependabot-multi-ecosystem-group.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
91
- | <span class="sb-inline-rule-number">R050</span> [`no-unknown-input-reference-in-composite`](../no-unknown-input-reference-in-composite.md) | | [🧩](./action-metadata.md) [🟣](./all.md) |
92
- | <span class="sb-inline-rule-number">R037</span> [`no-unknown-job-output-reference`](../no-unknown-job-output-reference.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
93
- | <span class="sb-inline-rule-number">R038</span> [`no-unknown-step-reference`](../no-unknown-step-reference.md) | | [🟣](./all.md) [🔴](./strict.md) |
94
- | <span class="sb-inline-rule-number">R029</span> [`no-untrusted-input-in-run`](../no-untrusted-input-in-run.md) | | [🟣](./all.md) [🛡️](./security.md) [🔴](./strict.md) |
95
- | <span class="sb-inline-rule-number">R085</span> [`no-unused-dependabot-enable-beta-ecosystems`](../no-unused-dependabot-enable-beta-ecosystems.md) | 🔧 | [🟣](./all.md) [🤖](./dependabot.md) |
96
- | <span class="sb-inline-rule-number">R053</span> [`no-unused-input-in-composite`](../no-unused-input-in-composite.md) | | [🧩](./action-metadata.md) [🟣](./all.md) |
97
- | <span class="sb-inline-rule-number">R023</span> [`no-write-all-permissions`](../no-write-all-permissions.md) | | [🟣](./all.md) [🟡](./recommended.md) [🛡️](./security.md) [🔴](./strict.md) |
98
- | <span class="sb-inline-rule-number">R003</span> [`pin-action-shas`](../pin-action-shas.md) | | [🟣](./all.md) [🛡️](./security.md) [🔴](./strict.md) |
99
- | <span class="sb-inline-rule-number">R043</span> [`prefer-action-yml`](../prefer-action-yml.md) | | [🧩](./action-metadata.md) [🟣](./all.md) |
100
- | <span class="sb-inline-rule-number">R015</span> [`prefer-fail-fast`](../prefer-fail-fast.md) | | [🟣](./all.md) [🔴](./strict.md) |
101
- | <span class="sb-inline-rule-number">R020</span> [`prefer-file-extension`](../prefer-file-extension.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
102
- | <span class="sb-inline-rule-number">R033</span> [`prefer-inputs-context`](../prefer-inputs-context.md) | 🔧 | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
103
- | <span class="sb-inline-rule-number">R016</span> [`prefer-step-uses-style`](../prefer-step-uses-style.md) | | [🟣](./all.md) |
104
- | <span class="sb-inline-rule-number">R066</span> [`prefer-template-yml-extension`](../prefer-template-yml-extension.md) | | [🧱](./workflow-templates.md) [🟣](./all.md) |
105
- | <span class="sb-inline-rule-number">R005</span> [`require-action-name`](../require-action-name.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
106
- | <span class="sb-inline-rule-number">R006</span> [`require-action-run-name`](../require-action-run-name.md) | | [🟣](./all.md) [🔴](./strict.md) |
107
- | <span class="sb-inline-rule-number">R025</span> [`require-checkout-before-local-action`](../require-checkout-before-local-action.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
108
- | <span class="sb-inline-rule-number">R099</span> [`require-codeql-actions-read`](../require-codeql-actions-read.md) | | [🟣](./all.md) [🔎](./code-scanning.md) |
109
- | <span class="sb-inline-rule-number">R113</span> [`require-codeql-branch-filters`](../require-codeql-branch-filters.md) | | [🟣](./all.md) [🔎](./code-scanning.md) |
110
- | <span class="sb-inline-rule-number">R114</span> [`require-codeql-category-when-language-matrix`](../require-codeql-category-when-language-matrix.md) | | [🟣](./all.md) [🔎](./code-scanning.md) |
111
- | <span class="sb-inline-rule-number">R100</span> [`require-codeql-pull-request-trigger`](../require-codeql-pull-request-trigger.md) | | [🟣](./all.md) [🔎](./code-scanning.md) |
112
- | <span class="sb-inline-rule-number">R101</span> [`require-codeql-schedule`](../require-codeql-schedule.md) | | [🟣](./all.md) [🔎](./code-scanning.md) |
113
- | <span class="sb-inline-rule-number">R098</span> [`require-codeql-security-events-write`](../require-codeql-security-events-write.md) | | [🟣](./all.md) [🔎](./code-scanning.md) [🛡️](./security.md) |
114
- | <span class="sb-inline-rule-number">R052</span> [`require-composite-step-name`](../require-composite-step-name.md) | | [🧩](./action-metadata.md) [🟣](./all.md) |
115
- | <span class="sb-inline-rule-number">R077</span> [`require-dependabot-assignees`](../require-dependabot-assignees.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
116
- | <span class="sb-inline-rule-number">R111</span> [`require-dependabot-automation-permissions`](../require-dependabot-automation-permissions.md) | | [🟣](./all.md) [🛡️](./security.md) |
117
- | <span class="sb-inline-rule-number">R112</span> [`require-dependabot-automation-pull-request-trigger`](../require-dependabot-automation-pull-request-trigger.md) | | [🟣](./all.md) [🛡️](./security.md) |
118
- | <span class="sb-inline-rule-number">R109</span> [`require-dependabot-bot-actor-guard`](../require-dependabot-bot-actor-guard.md) | | [🟣](./all.md) [🛡️](./security.md) |
119
- | <span class="sb-inline-rule-number">R089</span> [`require-dependabot-commit-message-include-scope`](../require-dependabot-commit-message-include-scope.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
120
- | <span class="sb-inline-rule-number">R079</span> [`require-dependabot-commit-message-prefix`](../require-dependabot-commit-message-prefix.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
121
- | <span class="sb-inline-rule-number">R090</span> [`require-dependabot-commit-message-prefix-development`](../require-dependabot-commit-message-prefix-development.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
122
- | <span class="sb-inline-rule-number">R086</span> [`require-dependabot-cooldown`](../require-dependabot-cooldown.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
123
- | <span class="sb-inline-rule-number">R073</span> [`require-dependabot-directory`](../require-dependabot-directory.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
124
- | <span class="sb-inline-rule-number">R084</span> [`require-dependabot-github-actions-directory-root`](../require-dependabot-github-actions-directory-root.md) | 🔧 | [🟣](./all.md) [🤖](./dependabot.md) |
125
- | <span class="sb-inline-rule-number">R080</span> [`require-dependabot-labels`](../require-dependabot-labels.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
126
- | <span class="sb-inline-rule-number">R087</span> [`require-dependabot-open-pull-requests-limit`](../require-dependabot-open-pull-requests-limit.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
127
- | <span class="sb-inline-rule-number">R072</span> [`require-dependabot-package-ecosystem`](../require-dependabot-package-ecosystem.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
128
- | <span class="sb-inline-rule-number">R082</span> [`require-dependabot-patterns-for-multi-ecosystem-group`](../require-dependabot-patterns-for-multi-ecosystem-group.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
129
- | <span class="sb-inline-rule-number">R083</span> [`require-dependabot-schedule-cronjob`](../require-dependabot-schedule-cronjob.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
130
- | <span class="sb-inline-rule-number">R074</span> [`require-dependabot-schedule-interval`](../require-dependabot-schedule-interval.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
131
- | <span class="sb-inline-rule-number">R075</span> [`require-dependabot-schedule-time`](../require-dependabot-schedule-time.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
132
- | <span class="sb-inline-rule-number">R076</span> [`require-dependabot-schedule-timezone`](../require-dependabot-schedule-timezone.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
133
- | <span class="sb-inline-rule-number">R078</span> [`require-dependabot-target-branch`](../require-dependabot-target-branch.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
134
- | <span class="sb-inline-rule-number">R071</span> [`require-dependabot-updates`](../require-dependabot-updates.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
135
- | <span class="sb-inline-rule-number">R070</span> [`require-dependabot-version`](../require-dependabot-version.md) | 🔧 | [🟣](./all.md) [🤖](./dependabot.md) |
136
- | <span class="sb-inline-rule-number">R088</span> [`require-dependabot-versioning-strategy-for-npm`](../require-dependabot-versioning-strategy-for-npm.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
137
- | <span class="sb-inline-rule-number">R091</span> [`require-dependency-review-action`](../require-dependency-review-action.md) | | [🟣](./all.md) [🔎](./code-scanning.md) [🛡️](./security.md) |
138
- | <span class="sb-inline-rule-number">R093</span> [`require-dependency-review-fail-on-severity`](../require-dependency-review-fail-on-severity.md) | | [🟣](./all.md) [🔎](./code-scanning.md) [🛡️](./security.md) |
139
- | <span class="sb-inline-rule-number">R092</span> [`require-dependency-review-permissions-contents-read`](../require-dependency-review-permissions-contents-read.md) | | [🟣](./all.md) [🔎](./code-scanning.md) [🛡️](./security.md) |
140
- | <span class="sb-inline-rule-number">R094</span> [`require-dependency-review-pull-request-trigger`](../require-dependency-review-pull-request-trigger.md) | | [🟣](./all.md) [🔎](./code-scanning.md) [🛡️](./security.md) |
141
- | <span class="sb-inline-rule-number">R110</span> [`require-fetch-metadata-github-token`](../require-fetch-metadata-github-token.md) | | [🟣](./all.md) [🛡️](./security.md) |
142
- | <span class="sb-inline-rule-number">R007</span> [`require-job-name`](../require-job-name.md) | 💡 | [🟣](./all.md) [🔴](./strict.md) |
143
- | <span class="sb-inline-rule-number">R008</span> [`require-job-step-name`](../require-job-step-name.md) | 💡 | [🟣](./all.md) [🔴](./strict.md) |
144
- | <span class="sb-inline-rule-number">R002</span> [`require-job-timeout-minutes`](../require-job-timeout-minutes.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
145
- | <span class="sb-inline-rule-number">R035</span> [`require-merge-group-trigger`](../require-merge-group-trigger.md) | | [🟣](./all.md) [🔴](./strict.md) |
146
- | <span class="sb-inline-rule-number">R032</span> [`require-pull-request-target-branches`](../require-pull-request-target-branches.md) | | [🟣](./all.md) [🛡️](./security.md) [🔴](./strict.md) |
147
- | <span class="sb-inline-rule-number">R021</span> [`require-run-step-shell`](../require-run-step-shell.md) | | [🟣](./all.md) [🔴](./strict.md) |
148
- | <span class="sb-inline-rule-number">R102</span> [`require-sarif-upload-security-events-write`](../require-sarif-upload-security-events-write.md) | | [🟣](./all.md) [🔎](./code-scanning.md) [🛡️](./security.md) |
149
- | <span class="sb-inline-rule-number">R103</span> [`require-scorecard-results-format-sarif`](../require-scorecard-results-format-sarif.md) | | [🟣](./all.md) [🔎](./code-scanning.md) |
150
- | <span class="sb-inline-rule-number">R104</span> [`require-scorecard-upload-sarif-step`](../require-scorecard-upload-sarif-step.md) | | [🟣](./all.md) [🔎](./code-scanning.md) |
151
- | <span class="sb-inline-rule-number">R107</span> [`require-secret-scan-contents-read`](../require-secret-scan-contents-read.md) | | [🟣](./all.md) [🛡️](./security.md) |
152
- | <span class="sb-inline-rule-number">R105</span> [`require-secret-scan-fetch-depth-zero`](../require-secret-scan-fetch-depth-zero.md) | | [🟣](./all.md) [🛡️](./security.md) |
153
- | <span class="sb-inline-rule-number">R106</span> [`require-secret-scan-schedule`](../require-secret-scan-schedule.md) | | [🟣](./all.md) [🛡️](./security.md) |
154
- | <span class="sb-inline-rule-number">R057</span> [`require-template-categories`](../require-template-categories.md) | | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
155
- | <span class="sb-inline-rule-number">R058</span> [`require-template-file-patterns`](../require-template-file-patterns.md) | | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
156
- | <span class="sb-inline-rule-number">R065</span> [`require-template-icon-file-exists`](../require-template-icon-file-exists.md) | | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
157
- | <span class="sb-inline-rule-number">R056</span> [`require-template-icon-name`](../require-template-icon-name.md) | | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
158
- | <span class="sb-inline-rule-number">R067</span> [`require-template-workflow-name`](../require-template-workflow-name.md) | | [🧱](./workflow-templates.md) [🟣](./all.md) |
159
- | <span class="sb-inline-rule-number">R031</span> [`require-trigger-types`](../require-trigger-types.md) | | [🟣](./all.md) [🔴](./strict.md) |
160
- | <span class="sb-inline-rule-number">R108</span> [`require-trufflehog-verified-results-mode`](../require-trufflehog-verified-results-mode.md) | | [🟣](./all.md) [🛡️](./security.md) |
161
- | <span class="sb-inline-rule-number">R034</span> [`require-workflow-call-input-type`](../require-workflow-call-input-type.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
162
- | <span class="sb-inline-rule-number">R039</span> [`require-workflow-call-output-value`](../require-workflow-call-output-value.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
163
- | <span class="sb-inline-rule-number">R004</span> [`require-workflow-concurrency`](../require-workflow-concurrency.md) | | [🟣](./all.md) [🔴](./strict.md) |
164
- | <span class="sb-inline-rule-number">R022</span> [`require-workflow-dispatch-input-type`](../require-workflow-dispatch-input-type.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
165
- | <span class="sb-inline-rule-number">R024</span> [`require-workflow-interface-description`](../require-workflow-interface-description.md) | | [🟣](./all.md) [🔴](./strict.md) |
166
- | <span class="sb-inline-rule-number">R001</span> [`require-workflow-permissions`](../require-workflow-permissions.md) | | [🟣](./all.md) [🟡](./recommended.md) [🛡️](./security.md) [🔴](./strict.md) |
167
- | <span class="sb-inline-rule-number">R028</span> [`require-workflow-run-branches`](../require-workflow-run-branches.md) | | [🟣](./all.md) [🛡️](./security.md) [🔴](./strict.md) |
168
- | <span class="sb-inline-rule-number">R054</span> [`require-workflow-template-pair`](../require-workflow-template-pair.md) | | [🧱](./workflow-templates.md) [🟣](./all.md) |
169
- | <span class="sb-inline-rule-number">R055</span> [`require-workflow-template-properties-pair`](../require-workflow-template-properties-pair.md) | | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
170
- | <span class="sb-inline-rule-number">R017</span> [`valid-timeout-minutes`](../valid-timeout-minutes.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
171
- | <span class="sb-inline-rule-number">R018</span> [`valid-trigger-events`](../valid-trigger-events.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
52
+ | Rule | Fix | Preset key |
53
+ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :-: | ------------------------------------------------------------------------------------- |
54
+ | <span class="sb-inline-rule-number">R009</span> [`action-name-casing`](../action-name-casing.md) | 🔧 | [🟣](./all.md) [🔴](./strict.md) |
55
+ | <span class="sb-inline-rule-number">R010</span> [`job-id-casing`](../job-id-casing.md) | | [🟣](./all.md) [🔴](./strict.md) |
56
+ | <span class="sb-inline-rule-number">R011</span> [`max-jobs-per-action`](../max-jobs-per-action.md) | | [🟣](./all.md) [🔴](./strict.md) |
57
+ | <span class="sb-inline-rule-number">R048</span> [`no-case-insensitive-input-id-collision`](../no-case-insensitive-input-id-collision.md) | | [🧩](./action-metadata.md) [🟣](./all.md) |
58
+ | <span class="sb-inline-rule-number">R097</span> [`no-codeql-autobuild-for-javascript-typescript`](../no-codeql-autobuild-for-javascript-typescript.md) | | [🟣](./all.md) [🔎](./code-scanning.md) |
59
+ | <span class="sb-inline-rule-number">R096</span> [`no-codeql-javascript-typescript-split-language-matrix`](../no-codeql-javascript-typescript-split-language-matrix.md) | | [🟣](./all.md) [🔎](./code-scanning.md) |
60
+ | <span class="sb-inline-rule-number">R049</span> [`no-composite-input-env-access`](../no-composite-input-env-access.md) | | [🧩](./action-metadata.md) [🟣](./all.md) |
61
+ | <span class="sb-inline-rule-number">R044</span> [`no-deprecated-node-runtime`](../no-deprecated-node-runtime.md) | | [🧩](./action-metadata.md) [🟣](./all.md) |
62
+ | <span class="sb-inline-rule-number">R051</span> [`no-duplicate-composite-step-id`](../no-duplicate-composite-step-id.md) | | [🧩](./action-metadata.md) [🟣](./all.md) |
63
+ | <span class="sb-inline-rule-number">R060</span> [`no-empty-template-file-pattern`](../no-empty-template-file-pattern.md) | 🔧 | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
64
+ | <span class="sb-inline-rule-number">R012</span> [`no-external-job`](../no-external-job.md) | | [🟣](./all.md) [🔴](./strict.md) |
65
+ | <span class="sb-inline-rule-number">R068</span> [`no-hardcoded-default-branch-in-template`](../no-hardcoded-default-branch-in-template.md) | | [🧱](./workflow-templates.md) [🟣](./all.md) |
66
+ | <span class="sb-inline-rule-number">R063</span> [`no-icon-file-extension-in-template-icon-name`](../no-icon-file-extension-in-template-icon-name.md) | 🔧 | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
67
+ | <span class="sb-inline-rule-number">R026</span> [`no-inherit-secrets`](../no-inherit-secrets.md) | | [🟣](./all.md) [🛡️](./security.md) [🔴](./strict.md) |
68
+ | <span class="sb-inline-rule-number">R042</span> [`no-invalid-concurrency-context`](../no-invalid-concurrency-context.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
69
+ | <span class="sb-inline-rule-number">R019</span> [`no-invalid-key`](../no-invalid-key.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
70
+ | <span class="sb-inline-rule-number">R041</span> [`no-invalid-reusable-workflow-job-key`](../no-invalid-reusable-workflow-job-key.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
71
+ | <span class="sb-inline-rule-number">R059</span> [`no-invalid-template-file-pattern-regex`](../no-invalid-template-file-pattern-regex.md) | | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
72
+ | <span class="sb-inline-rule-number">R040</span> [`no-invalid-workflow-call-output-value`](../no-invalid-workflow-call-output-value.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
73
+ | <span class="sb-inline-rule-number">R095</span> [`no-overlapping-dependabot-directories`](../no-overlapping-dependabot-directories.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
74
+ | <span class="sb-inline-rule-number">R064</span> [`no-path-separators-in-template-icon-name`](../no-path-separators-in-template-icon-name.md) | 💡 | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
75
+ | <span class="sb-inline-rule-number">R046</span> [`no-post-if-without-post`](../no-post-if-without-post.md) | 🔧 | [🧩](./action-metadata.md) [🟣](./all.md) |
76
+ | <span class="sb-inline-rule-number">R030</span> [`no-pr-head-checkout-in-pull-request-target`](../no-pr-head-checkout-in-pull-request-target.md) | | [🟣](./all.md) [🛡️](./security.md) [🔴](./strict.md) |
77
+ | <span class="sb-inline-rule-number">R045</span> [`no-pre-if-without-pre`](../no-pre-if-without-pre.md) | 🔧 | [🧩](./action-metadata.md) [🟣](./all.md) |
78
+ | <span class="sb-inline-rule-number">R047</span> [`no-required-input-with-default`](../no-required-input-with-default.md) | 💡 | [🧩](./action-metadata.md) [🟣](./all.md) |
79
+ | <span class="sb-inline-rule-number">R027</span> [`no-secrets-in-if`](../no-secrets-in-if.md) | | [🟣](./all.md) [🟡](./recommended.md) [🛡️](./security.md) [🔴](./strict.md) |
80
+ | <span class="sb-inline-rule-number">R036</span> [`no-self-hosted-runner-on-fork-pr-events`](../no-self-hosted-runner-on-fork-pr-events.md) | | [🟣](./all.md) [🛡️](./security.md) [🔴](./strict.md) |
81
+ | <span class="sb-inline-rule-number">R062</span> [`no-subdirectory-template-file-pattern`](../no-subdirectory-template-file-pattern.md) | | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
82
+ | <span class="sb-inline-rule-number">R069</span> [`no-template-placeholder-in-non-template-workflow`](../no-template-placeholder-in-non-template-workflow.md) | | [🟡](./recommended.md) [🔴](./strict.md) [🟣](./all.md) |
83
+ | <span class="sb-inline-rule-number">R013</span> [`no-top-level-env`](../no-top-level-env.md) | | [🟣](./all.md) [🔴](./strict.md) |
84
+ | <span class="sb-inline-rule-number">R014</span> [`no-top-level-permissions`](../no-top-level-permissions.md) | | |
85
+ | <span class="sb-inline-rule-number">R061</span> [`no-universal-template-file-pattern`](../no-universal-template-file-pattern.md) | | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
86
+ | <span class="sb-inline-rule-number">R081</span> [`no-unknown-dependabot-multi-ecosystem-group`](../no-unknown-dependabot-multi-ecosystem-group.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
87
+ | <span class="sb-inline-rule-number">R050</span> [`no-unknown-input-reference-in-composite`](../no-unknown-input-reference-in-composite.md) | | [🧩](./action-metadata.md) [🟣](./all.md) |
88
+ | <span class="sb-inline-rule-number">R037</span> [`no-unknown-job-output-reference`](../no-unknown-job-output-reference.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
89
+ | <span class="sb-inline-rule-number">R038</span> [`no-unknown-step-reference`](../no-unknown-step-reference.md) | | [🟣](./all.md) [🔴](./strict.md) |
90
+ | <span class="sb-inline-rule-number">R029</span> [`no-untrusted-input-in-run`](../no-untrusted-input-in-run.md) | | [🟣](./all.md) [🛡️](./security.md) [🔴](./strict.md) |
91
+ | <span class="sb-inline-rule-number">R085</span> [`no-unused-dependabot-enable-beta-ecosystems`](../no-unused-dependabot-enable-beta-ecosystems.md) | 🔧 | [🟣](./all.md) [🤖](./dependabot.md) |
92
+ | <span class="sb-inline-rule-number">R053</span> [`no-unused-input-in-composite`](../no-unused-input-in-composite.md) | | [🧩](./action-metadata.md) [🟣](./all.md) |
93
+ | <span class="sb-inline-rule-number">R023</span> [`no-write-all-permissions`](../no-write-all-permissions.md) | | [🟣](./all.md) [🟡](./recommended.md) [🛡️](./security.md) [🔴](./strict.md) |
94
+ | <span class="sb-inline-rule-number">R003</span> [`pin-action-shas`](../pin-action-shas.md) | | [🟣](./all.md) [🛡️](./security.md) [🔴](./strict.md) |
95
+ | <span class="sb-inline-rule-number">R043</span> [`prefer-action-yml`](../prefer-action-yml.md) | | [🧩](./action-metadata.md) [🟣](./all.md) |
96
+ | <span class="sb-inline-rule-number">R015</span> [`prefer-fail-fast`](../prefer-fail-fast.md) | | [🟣](./all.md) [🔴](./strict.md) |
97
+ | <span class="sb-inline-rule-number">R020</span> [`prefer-file-extension`](../prefer-file-extension.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
98
+ | <span class="sb-inline-rule-number">R033</span> [`prefer-inputs-context`](../prefer-inputs-context.md) | 🔧 | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
99
+ | <span class="sb-inline-rule-number">R016</span> [`prefer-step-uses-style`](../prefer-step-uses-style.md) | | [🟣](./all.md) |
100
+ | <span class="sb-inline-rule-number">R066</span> [`prefer-template-yml-extension`](../prefer-template-yml-extension.md) | | [🧱](./workflow-templates.md) [🟣](./all.md) |
101
+ | <span class="sb-inline-rule-number">R005</span> [`require-action-name`](../require-action-name.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
102
+ | <span class="sb-inline-rule-number">R006</span> [`require-action-run-name`](../require-action-run-name.md) | | [🟣](./all.md) [🔴](./strict.md) |
103
+ | <span class="sb-inline-rule-number">R025</span> [`require-checkout-before-local-action`](../require-checkout-before-local-action.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
104
+ | <span class="sb-inline-rule-number">R099</span> [`require-codeql-actions-read`](../require-codeql-actions-read.md) | | [🟣](./all.md) [🔎](./code-scanning.md) |
105
+ | <span class="sb-inline-rule-number">R113</span> [`require-codeql-branch-filters`](../require-codeql-branch-filters.md) | | [🟣](./all.md) [🔎](./code-scanning.md) |
106
+ | <span class="sb-inline-rule-number">R114</span> [`require-codeql-category-when-language-matrix`](../require-codeql-category-when-language-matrix.md) | | [🟣](./all.md) [🔎](./code-scanning.md) |
107
+ | <span class="sb-inline-rule-number">R100</span> [`require-codeql-pull-request-trigger`](../require-codeql-pull-request-trigger.md) | | [🟣](./all.md) [🔎](./code-scanning.md) |
108
+ | <span class="sb-inline-rule-number">R101</span> [`require-codeql-schedule`](../require-codeql-schedule.md) | | [🟣](./all.md) [🔎](./code-scanning.md) |
109
+ | <span class="sb-inline-rule-number">R098</span> [`require-codeql-security-events-write`](../require-codeql-security-events-write.md) | | [🟣](./all.md) [🔎](./code-scanning.md) [🛡️](./security.md) |
110
+ | <span class="sb-inline-rule-number">R052</span> [`require-composite-step-name`](../require-composite-step-name.md) | | [🧩](./action-metadata.md) [🟣](./all.md) |
111
+ | <span class="sb-inline-rule-number">R077</span> [`require-dependabot-assignees`](../require-dependabot-assignees.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
112
+ | <span class="sb-inline-rule-number">R111</span> [`require-dependabot-automation-permissions`](../require-dependabot-automation-permissions.md) | | [🟣](./all.md) [🛡️](./security.md) |
113
+ | <span class="sb-inline-rule-number">R112</span> [`require-dependabot-automation-pull-request-trigger`](../require-dependabot-automation-pull-request-trigger.md) | | [🟣](./all.md) [🛡️](./security.md) |
114
+ | <span class="sb-inline-rule-number">R109</span> [`require-dependabot-bot-actor-guard`](../require-dependabot-bot-actor-guard.md) | | [🟣](./all.md) [🛡️](./security.md) |
115
+ | <span class="sb-inline-rule-number">R089</span> [`require-dependabot-commit-message-include-scope`](../require-dependabot-commit-message-include-scope.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
116
+ | <span class="sb-inline-rule-number">R079</span> [`require-dependabot-commit-message-prefix`](../require-dependabot-commit-message-prefix.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
117
+ | <span class="sb-inline-rule-number">R090</span> [`require-dependabot-commit-message-prefix-development`](../require-dependabot-commit-message-prefix-development.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
118
+ | <span class="sb-inline-rule-number">R086</span> [`require-dependabot-cooldown`](../require-dependabot-cooldown.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
119
+ | <span class="sb-inline-rule-number">R073</span> [`require-dependabot-directory`](../require-dependabot-directory.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
120
+ | <span class="sb-inline-rule-number">R084</span> [`require-dependabot-github-actions-directory-root`](../require-dependabot-github-actions-directory-root.md) | 🔧 | [🟣](./all.md) [🤖](./dependabot.md) |
121
+ | <span class="sb-inline-rule-number">R080</span> [`require-dependabot-labels`](../require-dependabot-labels.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
122
+ | <span class="sb-inline-rule-number">R087</span> [`require-dependabot-open-pull-requests-limit`](../require-dependabot-open-pull-requests-limit.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
123
+ | <span class="sb-inline-rule-number">R072</span> [`require-dependabot-package-ecosystem`](../require-dependabot-package-ecosystem.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
124
+ | <span class="sb-inline-rule-number">R082</span> [`require-dependabot-patterns-for-multi-ecosystem-group`](../require-dependabot-patterns-for-multi-ecosystem-group.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
125
+ | <span class="sb-inline-rule-number">R083</span> [`require-dependabot-schedule-cronjob`](../require-dependabot-schedule-cronjob.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
126
+ | <span class="sb-inline-rule-number">R074</span> [`require-dependabot-schedule-interval`](../require-dependabot-schedule-interval.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
127
+ | <span class="sb-inline-rule-number">R075</span> [`require-dependabot-schedule-time`](../require-dependabot-schedule-time.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
128
+ | <span class="sb-inline-rule-number">R076</span> [`require-dependabot-schedule-timezone`](../require-dependabot-schedule-timezone.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
129
+ | <span class="sb-inline-rule-number">R078</span> [`require-dependabot-target-branch`](../require-dependabot-target-branch.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
130
+ | <span class="sb-inline-rule-number">R071</span> [`require-dependabot-updates`](../require-dependabot-updates.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
131
+ | <span class="sb-inline-rule-number">R070</span> [`require-dependabot-version`](../require-dependabot-version.md) | 🔧 | [🟣](./all.md) [🤖](./dependabot.md) |
132
+ | <span class="sb-inline-rule-number">R088</span> [`require-dependabot-versioning-strategy-for-npm`](../require-dependabot-versioning-strategy-for-npm.md) | | [🟣](./all.md) [🤖](./dependabot.md) |
133
+ | <span class="sb-inline-rule-number">R091</span> [`require-dependency-review-action`](../require-dependency-review-action.md) | | [🟣](./all.md) [🔎](./code-scanning.md) [🛡️](./security.md) |
134
+ | <span class="sb-inline-rule-number">R093</span> [`require-dependency-review-fail-on-severity`](../require-dependency-review-fail-on-severity.md) | | [🟣](./all.md) [🔎](./code-scanning.md) [🛡️](./security.md) |
135
+ | <span class="sb-inline-rule-number">R092</span> [`require-dependency-review-permissions-contents-read`](../require-dependency-review-permissions-contents-read.md) | | [🟣](./all.md) [🔎](./code-scanning.md) [🛡️](./security.md) |
136
+ | <span class="sb-inline-rule-number">R094</span> [`require-dependency-review-pull-request-trigger`](../require-dependency-review-pull-request-trigger.md) | | [🟣](./all.md) [🔎](./code-scanning.md) [🛡️](./security.md) |
137
+ | <span class="sb-inline-rule-number">R110</span> [`require-fetch-metadata-github-token`](../require-fetch-metadata-github-token.md) | | [🟣](./all.md) [🛡️](./security.md) |
138
+ | <span class="sb-inline-rule-number">R007</span> [`require-job-name`](../require-job-name.md) | 💡 | [🟣](./all.md) [🔴](./strict.md) |
139
+ | <span class="sb-inline-rule-number">R008</span> [`require-job-step-name`](../require-job-step-name.md) | 💡 | [🟣](./all.md) [🔴](./strict.md) |
140
+ | <span class="sb-inline-rule-number">R002</span> [`require-job-timeout-minutes`](../require-job-timeout-minutes.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
141
+ | <span class="sb-inline-rule-number">R035</span> [`require-merge-group-trigger`](../require-merge-group-trigger.md) | | [🟣](./all.md) [🔴](./strict.md) |
142
+ | <span class="sb-inline-rule-number">R032</span> [`require-pull-request-target-branches`](../require-pull-request-target-branches.md) | | [🟣](./all.md) [🛡️](./security.md) [🔴](./strict.md) |
143
+ | <span class="sb-inline-rule-number">R021</span> [`require-run-step-shell`](../require-run-step-shell.md) | | [🟣](./all.md) [🔴](./strict.md) |
144
+ | <span class="sb-inline-rule-number">R102</span> [`require-sarif-upload-security-events-write`](../require-sarif-upload-security-events-write.md) | | [🟣](./all.md) [🔎](./code-scanning.md) [🛡️](./security.md) |
145
+ | <span class="sb-inline-rule-number">R103</span> [`require-scorecard-results-format-sarif`](../require-scorecard-results-format-sarif.md) | | [🟣](./all.md) [🔎](./code-scanning.md) |
146
+ | <span class="sb-inline-rule-number">R104</span> [`require-scorecard-upload-sarif-step`](../require-scorecard-upload-sarif-step.md) | | [🟣](./all.md) [🔎](./code-scanning.md) |
147
+ | <span class="sb-inline-rule-number">R107</span> [`require-secret-scan-contents-read`](../require-secret-scan-contents-read.md) | | [🟣](./all.md) [🛡️](./security.md) |
148
+ | <span class="sb-inline-rule-number">R105</span> [`require-secret-scan-fetch-depth-zero`](../require-secret-scan-fetch-depth-zero.md) | | [🟣](./all.md) [🛡️](./security.md) |
149
+ | <span class="sb-inline-rule-number">R106</span> [`require-secret-scan-schedule`](../require-secret-scan-schedule.md) | | [🟣](./all.md) [🛡️](./security.md) |
150
+ | <span class="sb-inline-rule-number">R057</span> [`require-template-categories`](../require-template-categories.md) | | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
151
+ | <span class="sb-inline-rule-number">R058</span> [`require-template-file-patterns`](../require-template-file-patterns.md) | | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
152
+ | <span class="sb-inline-rule-number">R065</span> [`require-template-icon-file-exists`](../require-template-icon-file-exists.md) | | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
153
+ | <span class="sb-inline-rule-number">R056</span> [`require-template-icon-name`](../require-template-icon-name.md) | | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
154
+ | <span class="sb-inline-rule-number">R067</span> [`require-template-workflow-name`](../require-template-workflow-name.md) | | [🧱](./workflow-templates.md) [🟣](./all.md) |
155
+ | <span class="sb-inline-rule-number">R031</span> [`require-trigger-types`](../require-trigger-types.md) | | [🟣](./all.md) [🔴](./strict.md) |
156
+ | <span class="sb-inline-rule-number">R108</span> [`require-trufflehog-verified-results-mode`](../require-trufflehog-verified-results-mode.md) | | [🟣](./all.md) [🛡️](./security.md) |
157
+ | <span class="sb-inline-rule-number">R034</span> [`require-workflow-call-input-type`](../require-workflow-call-input-type.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
158
+ | <span class="sb-inline-rule-number">R039</span> [`require-workflow-call-output-value`](../require-workflow-call-output-value.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
159
+ | <span class="sb-inline-rule-number">R004</span> [`require-workflow-concurrency`](../require-workflow-concurrency.md) | | [🟣](./all.md) [🔴](./strict.md) |
160
+ | <span class="sb-inline-rule-number">R022</span> [`require-workflow-dispatch-input-type`](../require-workflow-dispatch-input-type.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
161
+ | <span class="sb-inline-rule-number">R024</span> [`require-workflow-interface-description`](../require-workflow-interface-description.md) | | [🟣](./all.md) [🔴](./strict.md) |
162
+ | <span class="sb-inline-rule-number">R001</span> [`require-workflow-permissions`](../require-workflow-permissions.md) | | [🟣](./all.md) [🟡](./recommended.md) [🛡️](./security.md) [🔴](./strict.md) |
163
+ | <span class="sb-inline-rule-number">R028</span> [`require-workflow-run-branches`](../require-workflow-run-branches.md) | | [🟣](./all.md) [🛡️](./security.md) [🔴](./strict.md) |
164
+ | <span class="sb-inline-rule-number">R054</span> [`require-workflow-template-pair`](../require-workflow-template-pair.md) | | [🧱](./workflow-templates.md) [🟣](./all.md) |
165
+ | <span class="sb-inline-rule-number">R055</span> [`require-workflow-template-properties-pair`](../require-workflow-template-properties-pair.md) | | [🗂️](./workflow-template-properties.md) [🧱](./workflow-templates.md) [🟣](./all.md) |
166
+ | <span class="sb-inline-rule-number">R017</span> [`valid-timeout-minutes`](../valid-timeout-minutes.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
167
+ | <span class="sb-inline-rule-number">R018</span> [`valid-trigger-events`](../valid-trigger-events.md) | | [🟣](./all.md) [🟡](./recommended.md) [🔴](./strict.md) |
package/docs/rules/presets/recommended.md CHANGED
@@ -1,11 +1,11 @@
1
- ---
2
- sidebar_position: 6
3
- ---
4
-
5
- # `githubActions.configs.recommended`
6
-
7
- Balanced defaults for most repositories.
8
-
1
+ ---
2
+ sidebar_position: 6
3
+ ---
4
+
5
+ # `githubActions.configs.recommended`
6
+
7
+ Balanced defaults for most repositories.
8
+
9
9
  ## Included rules
10
10
 
11
11
  Fix legend:
package/docs/rules/presets/security.md CHANGED
@@ -1,11 +1,11 @@
1
- ---
2
- sidebar_position: 7
3
- ---
4
-
5
- # `githubActions.configs.security`
6
-
7
- Security-focused workflow hardening checks.
8
-
1
+ ---
2
+ sidebar_position: 7
3
+ ---
4
+
5
+ # `githubActions.configs.security`
6
+
7
+ Security-focused workflow hardening checks.
8
+
9
9
  ## Included rules
10
10
 
11
11
  Fix legend:
package/docs/rules/presets/strict.md CHANGED
@@ -1,11 +1,11 @@
1
- ---
2
- sidebar_position: 8
3
- ---
4
-
5
- # `githubActions.configs.strict`
6
-
7
- Opinionated operational guardrails for mature workflow estates.
8
-
1
+ ---
2
+ sidebar_position: 8
3
+ ---
4
+
5
+ # `githubActions.configs.strict`
6
+
7
+ Opinionated operational guardrails for mature workflow estates.
8
+
9
9
  ## Included rules
10
10
 
11
11
  Fix legend:
package/docs/rules/presets/workflow-template-properties.md CHANGED
@@ -1,11 +1,11 @@
1
- ---
2
- sidebar_position: 4
3
- ---
4
-
5
- # `githubActions.configs.workflowTemplateProperties`
6
-
7
- Linting defaults for workflow-template metadata files (`*.properties.json`).
8
-
1
+ ---
2
+ sidebar_position: 4
3
+ ---
4
+
5
+ # `githubActions.configs.workflowTemplateProperties`
6
+
7
+ Linting defaults for workflow-template metadata files (`*.properties.json`).
8
+
9
9
  ## Included rules
10
10
 
11
11
  Fix legend:
package/docs/rules/presets/workflow-templates.md CHANGED
@@ -1,11 +1,11 @@
1
- ---
2
- sidebar_position: 5
3
- ---
4
-
5
- # `githubActions.configs.workflowTemplates`
6
-
7
- Workflow template package linting for both template YAML and metadata files.
8
-
1
+ ---
2
+ sidebar_position: 5
3
+ ---
4
+
5
+ # `githubActions.configs.workflowTemplates`
6
+
7
+ Workflow template package linting for both template YAML and metadata files.
8
+
9
9
  ## Included rules
10
10
 
11
11
  Fix legend:
package/docs/rules/require-dependency-review-permissions-contents-read.md CHANGED
@@ -8,7 +8,7 @@ Workflows that use `actions/dependency-review-action`.
8
8
 
9
9
  ## What this rule reports
10
10
 
11
- This rule reports workflows using the dependency review action that do not set top-level `permissions.contents: read`.
11
+ This rule reports jobs using the dependency review action that do not have effective `contents: read` via either workflow-level or job-level `permissions`.
12
12
 
13
13
  ## Why this rule exists
14
14
 
@@ -18,11 +18,11 @@ Dependency review only needs repository contents read access. Requiring that exp
18
18
 
19
19
  ```yaml
20
20
  on: [pull_request]
21
- permissions:
22
- contents: write
23
21
  jobs:
24
22
  dependency-review:
25
23
  runs-on: ubuntu-latest
24
+ permissions:
25
+ contents: write
26
26
  steps:
27
27
  - uses: actions/dependency-review-action@v4
28
28
  ```
@@ -40,9 +40,20 @@ jobs:
40
40
  - uses: actions/dependency-review-action@v4
41
41
  ```
42
42
 
43
+ ```yaml
44
+ on: [pull_request]
45
+ jobs:
46
+ dependency-review:
47
+ runs-on: ubuntu-latest
48
+ permissions:
49
+ contents: read
50
+ steps:
51
+ - uses: actions/dependency-review-action@v4
52
+ ```
53
+
43
54
  ## Additional examples
44
55
 
45
- This rule complements `require-workflow-permissions` by enforcing the narrower security expectation specific to dependency review workflows.
56
+ This rule complements `require-workflow-permissions` by enforcing the narrower security expectation specific to dependency review jobs without forcing that permission to live only at the workflow root.
46
57
 
47
58
  ## ESLint flat config example
48
59
 
package/docs/rules/require-secret-scan-contents-read.md CHANGED
@@ -8,7 +8,7 @@ Jobs that use supported secret-scanning actions.
8
8
 
9
9
  ## What this rule reports
10
10
 
11
- This rule reports secret-scanning jobs that do not grant `contents: read`.
11
+ This rule reports secret-scanning jobs that do not have effective `contents: read` via either workflow-level or job-level `permissions`.
12
12
 
13
13
  ## Why this rule exists
14
14
 
@@ -17,7 +17,8 @@ Secret-scanning workflows generally only need read access to repository contents
17
17
  ## ❌ Incorrect
18
18
 
19
19
  ```yaml
20
- permissions: {}
20
+ permissions:
21
+ contents: write
21
22
  ```
22
23
 
23
24
  ## ✅ Correct
@@ -27,6 +28,13 @@ permissions:
27
28
  contents: read
28
29
  ```
29
30
 
31
+ ```yaml
32
+ jobs:
33
+ scan:
34
+ permissions:
35
+ contents: read
36
+ ```
37
+
30
38
  ## Additional examples
31
39
 
32
40
  This rule is intentionally narrow and does not try to prescribe every other permission a secret-scanning workflow may or may not need.
package/docs/rules/require-workflow-permissions.md CHANGED
@@ -43,10 +43,9 @@ jobs:
43
43
  runs-on: ubuntu-latest
44
44
  ```
45
45
 
46
-
47
46
  ## Additional examples
48
47
 
49
- For larger repositories, this rule is often enabled together with one of the published presets so violations are caught in pull requests before workflow changes are merged.
48
+ For larger repositories, this rule works well as a baseline requirement for explicit token scope. If your team prefers every job to declare permissions locally, layer the opt-in `no-top-level-permissions` rule on top.
50
49
 
51
50
  ## ESLint flat config example
52
51
 
@@ -69,7 +68,8 @@ export default [
69
68
  ## When not to use it
70
69
 
71
70
  You can disable this rule when its policy does not match your repository standards, or when equivalent enforcement is already handled by another policy tool.
71
+
72
72
  ## Further reading
73
73
 
74
- - [https://docs.github.com/actions/reference/workflows-and-actions/workflow-syntax#permissions](https://docs.github.com/actions/reference/workflows-and-actions/workflow-syntax#permissions)
75
- - [https://docs.github.com/actions/security-for-github-actions/security-guides/automatic-token-authentication](https://docs.github.com/actions/security-for-github-actions/security-guides/automatic-token-authentication)
74
+ - [GitHub Actions workflow syntax: permissions](https://docs.github.com/actions/reference/workflows-and-actions/workflow-syntax#permissions)
75
+ - [GitHub Actions automatic token authentication guide](https://docs.github.com/actions/security-for-github-actions/security-guides/automatic-token-authentication)
package/package.json CHANGED
@@ -1,7 +1,7 @@
1
1
  {
2
2
  "$schema": "https://www.schemastore.org/package.json",
3
3
  "name": "eslint-plugin-github-actions-2",
4
- "version": "1.0.4",
4
+ "version": "1.0.5",
5
5
  "private": false,
6
6
  "description": "ESLint plugin for GitHub Actions workflow quality, reliability, and security rules.",
7
7
  "keywords": [