Restrict Actions token permissions in CodeQL workflow.
This commit is contained in:
Chris Gavin
parent
896b4ff181
commit
7e85b5d66a
1 changed files with 8 additions and 0 deletions
8
.github/workflows/codeql.yml
vendored
8
.github/workflows/codeql.yml
vendored
|
|
@ -13,6 +13,9 @@ jobs:
|
||||||
outputs:
|
outputs:
|
||||||
versions: ${{ steps.compare.outputs.versions }}
|
versions: ${{ steps.compare.outputs.versions }}
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- name: Init with default CodeQL bundle from the VM image
|
- name: Init with default CodeQL bundle from the VM image
|
||||||
|
|
@ -59,6 +62,11 @@ jobs:
|
||||||
tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
|
tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
|
||||||
runs-on: ${{ matrix.os }}
|
runs-on: ${{ matrix.os }}
|
||||||
|
|
||||||
|
permissions:
|
||||||
|
contents: read
|
||||||
|
security-events: write
|
||||||
|
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v2
|
- uses: actions/checkout@v2
|
||||||
- uses: ./init
|
- uses: ./init
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue