https
GET
api.github.com
None
/repos/matt-davis27/PyGithub/code-scanning/alerts/1
{'Authorization': 'token private_token_removed', 'User-Agent': 'PyGithub/Python'}
None
200
[('Date', 'Mon, 25 Aug 2025 20:30:42 GMT'), ('Content-Type', 'application/json; charset=utf-8'), ('Cache-Control', 'private, max-age=60, s-maxage=60'), ('Vary', 'Accept, Authorization, Cookie, X-GitHub-OTP,Accept-Encoding, Accept, X-Requested-With'), ('ETag', 'W/"63dd9374b8f550fa017a2cbe746d5c8ba70ee62a55f06d6ea667d685f9a45763"'), ('Last-Modified', 'Mon, 25 Aug 2025 16:03:10 GMT'), ('X-OAuth-Scopes', 'admin:org, repo, workflow'), ('X-Accepted-OAuth-Scopes', 'admin:repo_hook, delete_repo, read:repo_hook, repo, repo:invite, repo:status, repo_deployment, security_events, write:repo_hook'), ('github-authentication-token-expiration', '2025-09-22 17:03:22 UTC'), ('X-GitHub-Media-Type', 'github.v3; format=json'), ('x-github-api-version-selected', '2022-11-28'), ('X-RateLimit-Limit', '5000'), ('X-RateLimit-Remaining', '4998'), ('X-RateLimit-Reset', '1756157441'), ('X-RateLimit-Used', '2'), ('X-RateLimit-Resource', 'core'), ('Access-Control-Expose-Headers', 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset'), ('Access-Control-Allow-Origin', '*'), ('Strict-Transport-Security', 'max-age=31536000; includeSubdomains; preload'), ('X-Frame-Options', 'deny'), ('X-Content-Type-Options', 'nosniff'), ('X-XSS-Protection', '0'), ('Referrer-Policy', 'origin-when-cross-origin, strict-origin-when-cross-origin'), ('Content-Security-Policy', "default-src 'none'"), ('Content-Encoding', 'gzip'), ('Transfer-Encoding', 'chunked'), ('Server', 'github.com'), ('X-GitHub-Request-Id', 'C871:9566D:40632F:41D263:68ACC7F1')]
{"number":1,"created_at":"2025-08-22T23:38:23Z","updated_at":"2025-08-25T16:03:10Z","url":"https://api.github.com/repos/matt-davis27/PyGithub/code-scanning/alerts/1","html_url":"https://github.com/matt-davis27/PyGithub/security/code-scanning/1","state":"fixed","fixed_at":"2025-08-25T16:03:09Z","dismissed_by":null,"dismissed_at":null,"dismissed_reason":null,"dismissed_comment":null,"rule":{"id":"actions/missing-workflow-permissions","severity":"warning","description":"Workflow does not contain permissions","name":"actions/missing-workflow-permissions","tags":["actions","external/cwe/cwe-275","maintainability","security"],"full_description":"Workflows should contain explicit permissions to restrict the scope of the default GITHUB_TOKEN.","help":"## Overview\n\nIf a GitHub Actions job or workflow has no explicit permissions set, then the repository permissions are used. Repositories created under organizations inherit the organization permissions. The organizations or repositories created before February 2023 have the default permissions set to read-write. Often these permissions do not adhere to the principle of least privilege and can be reduced to read-only, leaving the `write` permission only to a specific types as `issues: write` or `pull-requests: write`.\n\n## Recommendation\n\nAdd the `permissions` key to the job or the root of workflow (in this case it is applied to all jobs in the workflow that do not have their own `permissions` key) and assign the least privileges required to complete the task.\n\n## Example\n\n### Incorrect Usage\n\n```yaml\nname: \"My workflow\"\n# No permissions block\n```\n\n### Correct Usage\n\n```yaml\nname: \"My workflow\"\npermissions:\n  contents: read\n  pull-requests: write\n```\n\nor\n\n```yaml\njobs:\n  my-job:\n    permissions:\n      contents: read\n      pull-requests: write\n```\n\n## References\n\n- GitHub Docs: [Assigning permissions to jobs](https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/assigning-permissions-to-jobs).\n","security_severity_level":"medium"},"tool":{"name":"CodeQL","guid":null,"version":"2.22.4"},"most_recent_instance":{"ref":"refs/heads/main","analysis_key":".github/workflows/codeql.yml:analyze","environment":"{\"build-mode\":\"none\",\"language\":\"actions\"}","category":"/language:actions","state":"fixed","commit_sha":"908396804d41cdb1d0c0538b97f25a81383ee61b","message":{"text":"Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {{contents: read}}"},"location":{"path":".github/workflows/lint.yml","start_line":12,"end_line":29,"start_column":5,"end_column":3},"classifications":[]},"instances_url":"https://api.github.com/repos/matt-davis27/PyGithub/code-scanning/alerts/1/instances","dismissal_approved_by":null}
