Potential fix for code scanning alert no. 10: Workflow does not contain permissions

Open lenucksi opened this issue 2 weeks ago • 0 comments

Potential fix for https://github.com/InnerSourceCommons/InnerSourcePatterns/security/code-scanning/10

To fix this problem, add an explicit permissions block at the workflow or job level. Since this workflow doesn't need to write to the repository or manage issues/pull requests, the minimum required is:

permissions:
  contents: read

This should be placed at the top workflow level (just under name: or above on:), so it applies to all jobs.
No further code changes are needed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

Nov 25 '25 14:11 lenucksi