From a0512d36da4f7d2155aaeea8c59a19399a18dbbe Mon Sep 17 00:00:00 2001 From: eric sciple Date: Fri, 23 Apr 2021 14:06:00 -0500 Subject: [PATCH] include actions:read for all code scanning workflows --- code-scanning/codeql.yml | 1 + code-scanning/kubesec.yml | 1 + code-scanning/mayhem-for-api.yml | 1 + code-scanning/synopsys-io.yml | 1 + code-scanning/tfsec.yml | 1 + 5 files changed, 5 insertions(+) diff --git a/code-scanning/codeql.yml b/code-scanning/codeql.yml index 99299d6..b32675e 100644 --- a/code-scanning/codeql.yml +++ b/code-scanning/codeql.yml @@ -25,6 +25,7 @@ jobs: name: Analyze runs-on: ubuntu-latest permissions: + actions: read contents: read security-events: write diff --git a/code-scanning/kubesec.yml b/code-scanning/kubesec.yml index 2d528a5..1cad70c 100644 --- a/code-scanning/kubesec.yml +++ b/code-scanning/kubesec.yml @@ -19,6 +19,7 @@ jobs: name: Kubesec runs-on: ubuntu-20.04 permissions: + actions: read contents: read security-events: write steps: diff --git a/code-scanning/mayhem-for-api.yml b/code-scanning/mayhem-for-api.yml index d084e3a..0aab0b4 100644 --- a/code-scanning/mayhem-for-api.yml +++ b/code-scanning/mayhem-for-api.yml @@ -38,6 +38,7 @@ jobs: # Mayhem for API runs on linux, mac and windows runs-on: ubuntu-latest permissions: + actions: read contents: read security-events: write steps: diff --git a/code-scanning/synopsys-io.yml b/code-scanning/synopsys-io.yml index 7e0aa09..0c1ff16 100644 --- a/code-scanning/synopsys-io.yml +++ b/code-scanning/synopsys-io.yml @@ -19,6 +19,7 @@ jobs: name: Analyze runs-on: ubuntu-latest permissions: + actions: read contents: read security-events: write diff --git a/code-scanning/tfsec.yml b/code-scanning/tfsec.yml index 006c985..51c5639 100644 --- a/code-scanning/tfsec.yml +++ b/code-scanning/tfsec.yml @@ -18,6 +18,7 @@ jobs: name: Run tfsec sarif report runs-on: ubuntu-latest permissions: + actions: read contents: read security-events: write