
Potential fix for code scanning alert no. 6: Workflow does not contain permissions

Open lenucksi opened this issue 2 weeks ago • 0 comments

Potential fix for https://github.com/InnerSourceCommons/InnerSourcePatterns/security/code-scanning/6

To fix the problem, add a permissions block to the workflow file at the job or root level, specifying the least privileges required for the workflow to operate. In this case, the workflow reads repository contents and uses gh to create and comment on issues. Therefore, you should set contents: read and issues: write. Place the permissions block at the root level so it applies to all jobs, typically immediately under the name field, before the on: field.

Specific steps:

  • In the file .github/workflows/i18n-consistency-checker.yaml

  • Insert the following block after name: i18n Consistency Check (line 6):

    permissions:
      contents: read
      issues: write
    

No other code, imports, or settings need to be changed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

lenucksi, Nov 25 '25 14:11
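A local check for the condition this alert reports, written as an added example and not taken from the issue, the repository, or the code scanning rule itself. It is a line-based approximation that assumes conventional space-indented workflow YAML; the sample workflow bodies are constructed, with only the workflow name and the two permission scopes taken from the text above.

```python
import re

# Constructed sample workflow: trigger and steps are assumptions for illustration.
WITHOUT_PERMISSIONS = """\
name: i18n Consistency Check
on:
  schedule:
    - cron: "0 0 * * 0"
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: gh issue create --title "i18n drift" --body "details"
"""
# Same workflow with the root-level block from the suggested fix.
WITH_PERMISSIONS = WITHOUT_PERMISSIONS.replace(
    "on:\n", "permissions:\n  contents: read\n  issues: write\non:\n", 1)

KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):")  # mapping keys only, not "- item" lines

def jobs_without_permissions(workflow_text):
    """Return job ids covered by no `permissions` block (root or job level)."""
    root_has_permissions = False
    in_jobs = False
    job_indent = child_indent = current = None
    declared = {}  # job id -> job declares its own permissions
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            in_jobs = key == "jobs"
            root_has_permissions = root_has_permissions or key == "permissions"
            continue
        if not in_jobs:
            continue
        if job_indent is None:
            job_indent = indent          # first key under `jobs:` sets the job level
        if indent == job_indent:
            current, child_indent = key, None
            declared[current] = False
        elif current is not None:
            if child_indent is None:
                child_indent = indent    # direct children of the current job
            if indent == child_indent and key == "permissions":
                declared[current] = True
    if root_has_permissions:
        return []                        # a root block applies to every job
    return [job for job, has in declared.items() if not has]
```
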