authorVarun Sharma <varunsh@stepsecurity.io>2022-09-13 12:41:16 -0700
committerGitHub <noreply@github.com>2022-09-13 21:41:16 +0200
commita39ed5824d8f4343e33b80575a9ba0bf0c73e89f (patch)
tree47a844ef826482fa648da0ed5187f18db0bac0b3 /.github
parente04705a593dc2454c510663590d2ec2324d82929 (diff)
downloadccache-a39ed5824d8f4343e33b80575a9ba0bf0c73e89f.tar.gz
ci: Add minimum GitHub token permissions for workflows (#1159)
Diffstat (limited to '.github')
-rw-r--r--.github/workflows/build.yaml3
-rw-r--r--.github/workflows/codeql-analysis.yaml7
2 files changed, 10 insertions, 0 deletions
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index fe1e01a4..47e00207 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -11,6 +11,9 @@ defaults:
run:
shell: bash
+permissions:
+ contents: read
+
jobs:
build_and_test:
env:
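Review bot: The workflow-level `permissions:` block added above `jobs:` has no comment, and its effect is wider than the one scope it lists: once any scope is named, every unlisted GITHUB_TOKEN scope drops to `none` for all jobs in the file. The jobs continue outside this hunk, so it is worth confirming that no step in them relies on a write scope. I would record the intent above the block with `# Default GITHUB_TOKEN scope for all jobs; unlisted scopes are none`. The top-level block added in codeql-analysis.yaml is uncommented in the same way.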
diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
index 4ae74ed8..517808c0 100644
--- a/.github/workflows/codeql-analysis.yaml
+++ b/.github/workflows/codeql-analysis.yaml
@@ -17,8 +17,15 @@ on:
# Full scan once a week
- cron: '0 14 * * 3'
+permissions:
+ contents: read
+
jobs:
analyze:
+ permissions:
+ actions: read # for github/codeql-action/init to get workflow details
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/analyze to upload SARIF results
name: Analyze
runs-on: ubuntu-20.04
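Review bot: The job-level `permissions:` on `analyze` replaces the workflow-level block rather than merging with it, so the top-level `contents: read` added in this file does not apply to `analyze` and only acts as the default for jobs added later. A reader could mistake it for the baseline that the job block extends. A comment on the top-level block such as `# Default for jobs without their own permissions block` would make that explicit. The per-scope reasons on the job block are worth keeping in sync with the actions actually used, since the rest of the `analyze` job lies outside this hunk and cannot be checked from here.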