diff options
Diffstat (limited to '.github/workflows')
| -rw-r--r-- | .github/workflows/osv-scanner-pr.yml | 14 | ||||
| -rw-r--r-- | .github/workflows/osv-scanner-scheduled.yml | 14 |
2 files changed, 16 insertions, 12 deletions
diff --git a/.github/workflows/osv-scanner-pr.yml b/.github/workflows/osv-scanner-pr.yml index 8280222c8d..f4e2d09d0c 100644 --- a/.github/workflows/osv-scanner-pr.yml +++ b/.github/workflows/osv-scanner-pr.yml @@ -5,14 +5,16 @@ on: pull_request: workflow_dispatch: -permissions: - # Require writing security events to upload SARIF file to security tab - security-events: write - # Only need to read contents - contents: read - actions: read +permissions: {} jobs: scan-pr: + permissions: + # Require writing security events to upload SARIF file to security tab + security-events: write + # Only need to read contents + contents: read + actions: read + # yamllint disable rule:line-length uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@dfa8609a7da62968d73f63f279418e504c1f523f" # v1.8.1 diff --git a/.github/workflows/osv-scanner-scheduled.yml b/.github/workflows/osv-scanner-scheduled.yml index 017af19e7e..7df091337a 100644 --- a/.github/workflows/osv-scanner-scheduled.yml +++ b/.github/workflows/osv-scanner-scheduled.yml @@ -8,14 +8,16 @@ on: branches: [main] workflow_dispatch: -permissions: - # Require writing security events to upload SARIF file to security tab - security-events: write - # Only need to read contents - contents: read - actions: read +permissions: {} jobs: scan-scheduled: + permissions: + # Require writing security events to upload SARIF file to security tab + security-events: write + # Only need to read contents + contents: read + actions: read + # yamllint disable rule:line-length uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@dfa8609a7da62968d73f63f279418e504c1f523f" # v1.8.1 |
