Fixes #21 (#22)

* Fixes #21 * Add actions read permission to unified workflow * PR feedback. Added link to codeql-action issue
google · May 28, 2024 · 37531d8 · 37531d8
1 parent 8d8993e
commit 37531d8
Show file tree

Hide file tree

Showing 3 changed files with 6 additions and 0 deletions.
diff --git a/.github/workflows/osv-scanner-reusable-pr.yml b/.github/workflows/osv-scanner-reusable-pr.yml
@@ -16,6 +16,8 @@
 name: "OSV-Scanner PR Scanning"
 
 permissions:
+  # Required to upload SARIF file to CodeQL. See: https://github.com/github/codeql-action/issues/2117
+  actions: read
   contents: read
   security-events: write
 

diff --git a/.github/workflows/osv-scanner-reusable.yml b/.github/workflows/osv-scanner-reusable.yml
@@ -16,6 +16,8 @@
 name: OSV-Scanner single vulnerability scan
 
 permissions:
+  # Required to upload SARIF file to CodeQL. See: https://github.com/github/codeql-action/issues/2117
+  actions: read
   contents: read
   security-events: write
 

diff --git a/.github/workflows/osv-scanner-unified-workflow.yml b/.github/workflows/osv-scanner-unified-workflow.yml
@@ -25,6 +25,8 @@ on:
     branches: ["main"]
 
 permissions:
+  # Required to upload SARIF file to CodeQL. See: https://github.com/github/codeql-action/issues/2117
+  actions: read
   # Require writing security events to upload SARIF file to security tab
   security-events: write
   # Read commit contents