Restrict permissions to github token for workflows (#2821)

Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
This commit is contained in:
Avgustin Marinov
2025-11-18 16:23:30 +02:00
committed by GitHub
parent f574d6d2be
commit 018a18850c
5 changed files with 22 additions and 11 deletions

View File

@@ -12,15 +12,15 @@ on:
type: boolean
default: false
permissions:
contents: read
# needed for trivy scans upload
security-events: write
jobs:
trivy-scan:
runs-on: ubuntu-latest
permissions:
contents: read
# needed for trivy scans upload
security-events: write
steps:
- name: Checkout code
uses: actions/checkout@v5