Skip to content

Commit 228e2bc

Browse files
authored
Merge pull request #31 from chainguard-dev/clarify-fork-pr-permissions
docs: add note about PR comment limitations from forked repositories
2 parents 5cae9b8 + a9bed5a commit 228e2bc

1 file changed

Lines changed: 2 additions & 0 deletions

File tree

README.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -61,6 +61,8 @@ jobs:
6161
6262
You can see the action in action here, on a PR that attempts to add a backdoored `xzutils` shared library to this repo: https://github.com/chainguard-dev/malcontent-action/pull/7
6363

64+
> **Note on PR Comments from Forks**: When this action runs on a pull request from a forked repository, it won't be able to post comments due to GitHub's security restrictions. Workflows triggered by `pull_request` events from forks run with read-only permissions and cannot write to the base repository. The action will still analyze the code and fail if malware is detected, but the detailed comment won't appear on the PR. To see the full analysis, check the workflow logs or consider running the action on branches within the main repository.
65+
6466
### Push Events
6567

6668
```yaml

0 commit comments

Comments
 (0)