During April 2025, Pendergraft enhanced security for the github/rest-api-description repository by implementing explicit permissions across all GitHub Actions workflows. Leveraging DevOps and CI/CD expertise, Pendergraft updated multiple YAML workflow files to enforce the principle of least privilege, thereby reducing the attack surface and aligning with compliance requirements. This permissions hardening preserved existing CI functionality while improving auditability and governance throughout the pipeline. The work demonstrated a focused approach to workflow security, utilizing GitHub Actions and YAML to ensure that only necessary permissions were granted, minimizing risk in the event of workflow compromise and supporting organizational security objectives.