build: harden codeql-analysis.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
This commit is contained in:
parent
e09a9f2dc2
commit
10975deab8
1 changed files with 7 additions and 0 deletions
7
.github/workflows/codeql-analysis.yml
vendored
7
.github/workflows/codeql-analysis.yml
vendored
|
@ -20,8 +20,15 @@ on:
|
|||
schedule:
|
||||
- cron: '41 13 * * 1'
|
||||
|
||||
permissions:
|
||||
contents: read # to fetch code (actions/checkout)
|
||||
|
||||
jobs:
|
||||
analyze:
|
||||
permissions:
|
||||
contents: read # to fetch code (actions/checkout)
|
||||
security-events: write # to upload SARIF results (github/codeql-action/analyze)
|
||||
|
||||
name: Analyze
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
|
|
Loading…
Reference in a new issue