build: harden codeql-analysis.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>
This commit is contained in:
Alex 2022-09-24 08:57:02 +02:00
parent e09a9f2dc2
commit 10975deab8

View file

@ -20,8 +20,15 @@ on:
schedule:
- cron: '41 13 * * 1'
permissions:
contents: read # to fetch code (actions/checkout)
jobs:
analyze:
permissions:
contents: read # to fetch code (actions/checkout)
security-events: write # to upload SARIF results (github/codeql-action/analyze)
name: Analyze
runs-on: ubuntu-latest