Potential fix for code scanning alert no. 2: Workflow does not contain permissions

As part of the organization's transition to default read-only permissions for the GITHUB_TOKEN, this pull request addresses a missing permission in the workflow that triggered a code scanning alert.

This PR explicitly adds the required read permissions to align with the default read only permission and is part of a larger effort for this OKR github/security-services#455

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

This commit is contained in:

Cindy Hill

2025-11-03 12:55:11 -07:00

committed by

GitHub

parent 0eca75db93

commit 4f2b4412b9

1 changed files with 2 additions and 0 deletions

									
										2

.github/workflows/test.yml
									
										vendored
									
												View File
												
				@@ -1,4 +1,6 @@

				name: Test

				permissions:

				  contents: read

				on: [push, pull_request]

Potential fix for code scanning alert no. 2: Workflow does not contain permissions

2 .github/workflows/test.yml vendored Unescape Escape Copy filename View File

2

.github/workflows/test.yml vendored

View File