diff options
author | Alex <aleksandrosansan@gmail.com> | 2022-09-26 15:52:46 +0100 |
---|---|---|
committer | Bram Moolenaar <Bram@vim.org> | 2022-09-26 15:52:46 +0100 |
commit | 311df6bb0f861154e6a27144c226c805c7554a94 (patch) | |
tree | 73269e6b635854c363853400bc7135bed4095fda /.github/workflows/codeql-analysis.yml | |
parent | 838b746cce7ea863acdb81e3f44eec2ea90de92a (diff) |
patch 9.0.0593: CI actions have too many permissionsv9.0.0593
Problem: CI actions have too many permissions.
Solution: Restrict permissions to what is required. (closes #11223)
Diffstat (limited to '.github/workflows/codeql-analysis.yml')
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index efb9e66995..efd91a4de8 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -21,8 +21,15 @@ concurrency: group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }} cancel-in-progress: true +permissions: + contents: read # to fetch code (actions/checkout) + jobs: analyze: + permissions: + contents: read # to fetch code (actions/checkout) + security-events: write # (github/codeql-action/autobuild) + name: Analyze runs-on: ubuntu-latest |