build: harden codeql-analysis.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
This commit is contained in:
Alex
parent
dbb97a62bf
commit
13539bd8c6
7
.github/workflows/codeql-analysis.yml
vendored
7
.github/workflows/codeql-analysis.yml
vendored
@ -9,9 +9,16 @@ on:
|
|||||||
schedule:
|
schedule:
|
||||||
- cron: '0 22 * * 5'
|
- cron: '0 22 * * 5'
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read # to fetch code (actions/checkout)
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
CodeQL-Build:
|
CodeQL-Build:
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read # to fetch code (actions/checkout)
|
||||||
|
security-events: write # to upload SARIF results (github/codeql-action/analyze)
|
||||||
|
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user