Define top level Permission for ci-image-scanning workflow

Signed-off-by: aditya7302 <aditya7302@gmail.com>
2024-06-18 10:38:33 +05:30 · 2024-06-18 10:38:33 +05:30 · c437a18de3
parent 5e8152ab2e
commit c437a18de3
1 changed files with 5 additions and 0 deletions
--- a/.github/workflows/ci-image-scanning.yaml
+++ b/.github/workflows/ci-image-scanning.yaml
@ -5,6 +5,11 @@ on:
    # for PRs initiated by Dependabot.
    branches-ignore:
      - 'dependabot/**'
+
+permissions:
+  contents: read # for actions/checkout to fetch code
+  security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+  
 jobs:
  use-trivy-to-scan-image:
    name: image-scanning