> ## Documentation Index
> Fetch the complete documentation index at: https://docs.pipefort.com/llms.txt
> Use this file to discover all available pages before exploring further.

# CICD-SEC-4 — GitHub Actions can approve pull requests

> Actions are allowed to submit approving reviews — an attacker who controls a workflow can self-approve a malicious PR.

| Field    | Value                                      |
| -------- | ------------------------------------------ |
| Category | `CICD-SEC-4`                               |
| Severity | **HIGH**                                   |
| Auto-fix | ✓ (via `--fix-settings` or web Fix button) |
| Source   | Repository configuration                   |

## What the check does

Reads `GET /repos/{owner}/{repo}/actions/permissions/workflow`. Fires when `can_approve_pull_request_reviews` is `true`.

## Why it matters

This setting fully defeats branch protection's review requirement when combined with any of the existing CICD-SEC-4 risks:

1. Attacker injects code that runs in a workflow (poisoned PR title, compromised action).
2. That workflow uses `GITHUB_TOKEN` to submit an approving review on the attacker's own PR.
3. Branch protection counts the approval — the PR merges.

The whole point of mandatory code review is *human* judgement. Letting Actions submit approvals turns that into a circular check the attacker controls both sides of.

## How to fix

Settings → Actions → General → **Workflow permissions** → uncheck **Allow GitHub Actions to create and approve pull requests**.

Bots that genuinely need to approve PRs (e.g., dependency-update bots) should use a separate bot account with limited scope, not the implicit `GITHUB_TOKEN`.
