ci: add minimum GitHub token permissions for workflows (#6236)

Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
2026-06-05 22:50:18 +00:00 · 2023-01-12 03:36:53 +05:30
parent 2745db131a
commit eb07385b02
3 changed files with 13 additions and 0 deletions
@@ -14,8 +14,15 @@ on:
  schedule:
    - cron: '0 23 * * 0'

+permissions:
+  contents: read
+
 jobs:
  analyze:
+    permissions:
+      actions: read  # for github/codeql-action/init to get workflow details
+      contents: read  # for actions/checkout to fetch code
+      security-events: write  # for github/codeql-action/autobuild to send a status report
    name: Analyze
    runs-on: ubuntu-latest