open-notebook/.github
LUIS NOVO 21b6809277 security: add persist-credentials false to checkout step
Prevent GITHUB_TOKEN from being stored in .git/config when
checking out PR code in pull_request_target workflows. This
is a security best practice to prevent untrusted code from
potentially accessing stored credentials.

While the Claude Code action doesn't execute arbitrary PR code,
this follows defense-in-depth security principles to minimize
attack surface when handling untrusted code from forks.
2026-01-13 18:47:36 -03:00
..
ISSUE_TEMPLATE docs: improve contribution workflow and project governance (#246) 2025-11-01 16:34:28 -03:00
workflows security: add persist-credentials false to checkout step 2026-01-13 18:47:36 -03:00
pull_request_template.md docs: improve contribution workflow and project governance (#246) 2025-11-01 16:34:28 -03:00