summaryrefslogtreecommitdiffhomepage
path: root/.github/workflows
diff options
context:
space:
mode:
Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/osv-scanner-pr.yml14
-rw-r--r--.github/workflows/osv-scanner-scheduled.yml14
2 files changed, 16 insertions, 12 deletions
diff --git a/.github/workflows/osv-scanner-pr.yml b/.github/workflows/osv-scanner-pr.yml
index 8280222c8d..f4e2d09d0c 100644
--- a/.github/workflows/osv-scanner-pr.yml
+++ b/.github/workflows/osv-scanner-pr.yml
@@ -5,14 +5,16 @@ on:
pull_request:
workflow_dispatch:
-permissions:
- # Require writing security events to upload SARIF file to security tab
- security-events: write
- # Only need to read contents
- contents: read
- actions: read
+permissions: {}
jobs:
scan-pr:
+ permissions:
+ # Require writing security events to upload SARIF file to security tab
+ security-events: write
+ # Only need to read contents
+ contents: read
+ actions: read
+
# yamllint disable rule:line-length
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@dfa8609a7da62968d73f63f279418e504c1f523f" # v1.8.1
diff --git a/.github/workflows/osv-scanner-scheduled.yml b/.github/workflows/osv-scanner-scheduled.yml
index 017af19e7e..7df091337a 100644
--- a/.github/workflows/osv-scanner-scheduled.yml
+++ b/.github/workflows/osv-scanner-scheduled.yml
@@ -8,14 +8,16 @@ on:
branches: [main]
workflow_dispatch:
-permissions:
- # Require writing security events to upload SARIF file to security tab
- security-events: write
- # Only need to read contents
- contents: read
- actions: read
+permissions: {}
jobs:
scan-scheduled:
+ permissions:
+ # Require writing security events to upload SARIF file to security tab
+ security-events: write
+ # Only need to read contents
+ contents: read
+ actions: read
+
# yamllint disable rule:line-length
uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@dfa8609a7da62968d73f63f279418e504c1f523f" # v1.8.1