From 69655d534f375c09960f24f8a750f5e670a41cfe Mon Sep 17 00:00:00 2001 From: Isaac Brown <101839405+isaacmbrown@users.noreply.github.com> Date: Wed, 22 Feb 2023 10:24:04 +0000 Subject: [PATCH] Add security note for forks (#34840) --- .../codespaces-reference/security-in-github-codespaces.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/content/codespaces/codespaces-reference/security-in-github-codespaces.md b/content/codespaces/codespaces-reference/security-in-github-codespaces.md index 6719a23d75..7d8de848f9 100644 --- a/content/codespaces/codespaces-reference/security-in-github-codespaces.md +++ b/content/codespaces/codespaces-reference/security-in-github-codespaces.md 
@@ -96,6 +96,14 @@ When you create a codespace from a PR branch from a fork, the token in the codes We also further protect you in these scenarios by not injecting any of your [codespace secrets](/codespaces/managing-your-codespaces/managing-encrypted-secrets-for-your-codespaces) into the environment. +{% note %} + +**Note:** The scope of the token in the codespace can change if you create a codespace from a fork to which you only have read access, then make a commit in the codespace. In this situation, as with any other repository, {% data variables.product.prodname_github_codespaces %} automatically creates a new fork, or links your codespace to an existing fork owned by your account, and updates the token to have read and write access to the newly linked fork. For more information, see "[AUTOTITLE](/codespaces/developing-in-codespaces/using-source-control-in-your-codespace#about-automatic-forking)." + +When {% data variables.product.prodname_github_codespaces %} links your codespace to an existing fork, this existing fork can be either a fork of the fork from which you created a codespace, or your own fork of the shared upstream repository. + +{% endnote %} + ### Additional good practices There are some additional good practices and risks that you should be aware of when using {% data variables.product.prodname_github_codespaces %}.
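Review bot: In the added `{% note %}` block, the first paragraph says the token is updated "to have read and write access to the newly linked fork" but leaves two things unstated that a reader of this security page will ask about: whether the token's access to the fork the codespace was originally created from stays read-only, and whether codespace secrets, which the preceding context line says are not injected in these scenarios, remain withheld after the re-link. Suggest adding a sentence that states both explicitly. The second paragraph would also be clearer if it said which of the two possible existing forks is chosen when both exist in your account, since that determines which repository the token gains write access to.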