From 14ce90e99f9db28d05cc0a81e2b63370e034db38 Mon Sep 17 00:00:00 2001 From: h0x0er <84621253+h0x0er@users.noreply.github.com> Date: Mon, 14 Feb 2022 11:13:30 +0530 Subject: [PATCH 1/3] added github_token permissions --- code-scanning/semgrep.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/code-scanning/semgrep.yml b/code-scanning/semgrep.yml index 827387b..f99d441 100644 --- a/code-scanning/semgrep.yml +++ b/code-scanning/semgrep.yml @@ -19,8 +19,14 @@ on: schedule: - cron: $cron-weekly +permissions: + contents: read + jobs: semgrep: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results name: Scan runs-on: ubuntu-latest steps: From aa4aa29543b6a72c397d9285abd94d91c41984fd Mon Sep 17 00:00:00 2001 From: Shubham malik Date: Mon, 14 Feb 2022 15:51:06 +0530 Subject: [PATCH 2/3] Update stackhawk.yml --- code-scanning/stackhawk.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/code-scanning/stackhawk.yml b/code-scanning/stackhawk.yml index 9701b1f..af220c0 100644 --- a/code-scanning/stackhawk.yml +++ b/code-scanning/stackhawk.yml @@ -37,8 +37,14 @@ on: schedule: - cron: $cron-weekly +permissions: + contents: read + jobs: stackhawk: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for stackhawk/hawkscan-action to upload code scanning alert info name: StackHawk runs-on: ubuntu-20.04 steps: From 6706b36121ab6c4b497c145160f85b056fe12347 Mon Sep 17 00:00:00 2001 From: Shubham malik Date: Tue, 15 Feb 2022 16:04:39 +0530 Subject: [PATCH 3/3] Update njsscan.yml --- code-scanning/njsscan.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/code-scanning/njsscan.yml b/code-scanning/njsscan.yml index 8077f76..a6da087 100644 --- a/code-scanning/njsscan.yml +++ b/code-scanning/njsscan.yml @@ -17,8 +17,14 @@ on: schedule: - cron: $cron-weekly +permissions: + contents: read + jobs: njsscan: + permissions: + contents: read # for actions/checkout to fetch code + security-events: write # for github/codeql-action/upload-sarif to upload SARIF results runs-on: ubuntu-latest name: njsscan code scanning steps: