Merge pull request #1409 from arjundashrath/patch-1

Add token permissions for code-scanning/veracode.yml
This commit is contained in:
Nick Fyson
2022-02-27 14:29:45 +00:00
committed by GitHub
+6
View File
@@ -17,10 +17,16 @@ on:
- cron: $cron-weekly
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
permissions:
contents: read
jobs:
# This workflow contains a job to build and submit pipeline scan, you will need to customize the build process accordingly and make sure the artifact you build is used as the file input to the pipeline scan file parameter
build-and-pipeline-scan:
# The type of runner that the job will run on
permissions:
contents: read # for actions/checkout to fetch code
security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
runs-on: ubuntu-latest
steps: