Explicit Permissions for codeql.yml

6 months ago · 2c5bd4c916
1 changed files with 5 additions and 1 deletions
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -7,7 +7,11 @@ on:
				@@ -7,7 +7,11 @@ on:
  schedule:
    # https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#schedule
    - cron: '0 5 * * *'
-
+permissions: read-all
 jobs:
  codeql-analysis-call:
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
    uses: spring-io/github-actions/.github/workflows/codeql-analysis.yml@1