Restrict Actions token permissions in CodeQL workflow.
This commit is contained in:
Chris Gavin
parent
896b4ff181
commit
7e85b5d66a
1 changed files with 8 additions and 0 deletions
8
.github/workflows/codeql.yml
vendored
8
.github/workflows/codeql.yml
vendored
|
|
@ -13,6 +13,9 @@ jobs:
|
|||
outputs:
|
||||
versions: ${{ steps.compare.outputs.versions }}
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- name: Init with default CodeQL bundle from the VM image
|
||||
|
|
@ -59,6 +62,11 @@ jobs:
|
|||
tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
|
||||
runs-on: ${{ matrix.os }}
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
security-events: write
|
||||
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v2
|
||||
- uses: ./init
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue