🔥 3-day streak
Microsoft DevOps Engineer Expert117 / 138
Question 117 of 138

Your team's GitHub Actions workflows use the automatically provided GITHUB_TOKEN to interact with the repository. A security review flags that the token has broad read/write access across many scopes by default, violating least-privilege requirements. The workflows only need to publish a package to GitHub Packages and post a comment on pull requests. What is the most effective way to restrict the token's access while keeping the workflows functional?

Reviewed for accuracy · Report an issueNext question