Explicit Permissions for codeql.yml

2025-06-27 22:32:43 +00:00 · 2025-06-10 10:46:23 -05:00 · 2025-06-10 10:46:23 -05:00 · 888d87619d
commit 888d87619d
parent e8028e15c0
1 changed files with 5 additions and 1 deletions
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -7,7 +7,11 @@ on:
  schedule:
    # https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#schedule
    - cron: '0 5 * * *'
-
+permissions: read-all
 jobs:
  codeql-analysis-call:
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
    uses: spring-io/github-actions/.github/workflows/codeql-analysis.yml@1