Skip to content

fix: disable gitleaks PR comments (least-privilege)#16

Merged
roleme merged 1 commit into
mainfrom
fix/gitleaks-disable-comments
Jun 26, 2026
Merged

fix: disable gitleaks PR comments (least-privilege)#16
roleme merged 1 commit into
mainfrom
fix/gitleaks-disable-comments

Conversation

@roleme

@roleme roleme commented Jun 26, 2026

Copy link
Copy Markdown
Owner

gitleaks-action POSTs a PR comment on pull_request events, failing with "Resource not accessible by integration" unless granted pull-requests: write. Setting GITLEAKS_ENABLE_COMMENTS=false keeps the reusable at least-privilege contents: read; findings still surface via the job summary + SARIF artifact.

Surfaced by docker_infra PR #294 (the only consumer that runs gitleaks on pull_request).

🤖 Generated with Claude Code

@roleme @claude
fix: disable gitleaks PR comments to keep least-privilege
bfa79dd 
gitleaks-action POSTs a PR comment on pull_request events, which fails with
'Resource not accessible by integration' unless granted pull-requests: write.
Set GITLEAKS_ENABLE_COMMENTS=false so the reusable needs only contents: read;
findings still surface in the job summary + SARIF artifact.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@roleme roleme merged commit fce34f0 into main Jun 26, 2026
1 check passed
@roleme roleme deleted the fix/gitleaks-disable-comments branch June 26, 2026 06:56
@github-actions github-actions Bot mentioned this pull request Jun 26, 2026
Closed
@roleme roleme mentioned this pull request Jun 26, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@roleme