From c437a18de3473dc4cf5ca6bc07cb87ae8a8a1eb9 Mon Sep 17 00:00:00 2001
From: aditya7302
Date: Tue, 18 Jun 2024 10:38:33 +0530
Subject: [PATCH] Define top level Permission for ci-image-scanning workflow

Signed-off-by: aditya7302
---
 .github/workflows/ci-image-scanning.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/ci-image-scanning.yaml b/.github/workflows/ci-image-scanning.yaml
index bda818aba..6198ff750 100644
--- a/.github/workflows/ci-image-scanning.yaml
+++ b/.github/workflows/ci-image-scanning.yaml
@@ -5,6 +5,11 @@ on:
 # for PRs initiated by Dependabot.
 branches-ignore:
 - 'dependabot/**'
+
+permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+
 jobs:
 use-trivy-to-scan-image:
 name: image-scanning
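Review bot: `security-events: write` is granted in the workflow-level `permissions:` block, so every job in this file inherits a write scope, including any job added later. Least privilege would keep only `contents: read` at the top level and declare a job-level `permissions:` with `contents: read` and `security-events: write` under `use-trivy-to-scan-image`. Job-level permissions replace the top-level set for that job, so both scopes have to be listed there. Only the first lines of the job are visible in this hunk, so confirm against the full file whether other jobs exist and whether the SARIF upload is the only step that needs the write scope.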