build: harden codeql-analysis.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>
This commit is contained in:
parent
e09a9f2dc2
commit
10975deab8
|
@ -20,8 +20,15 @@ on:
|
|||
schedule:
|
||||
- cron: '41 13 * * 1'
|
||||
|
||||
permissions:
|
||||
contents: read # to fetch code (actions/checkout)
|
||||
|
||||
jobs:
|
||||
analyze:
|
||||
permissions:
|
||||
contents: read # to fetch code (actions/checkout)
|
||||
security-events: write # to upload SARIF results (github/codeql-action/analyze)
|
||||
|
||||
name: Analyze
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
|
|
Loading…
Reference in New Issue