Skip to content

Potential fix for code scanning alert no. 2: Workflow does not contain permissions#31

Merged
lcmen merged 1 commit into
mainfrom
alert-autofix-2
Jul 1, 2026
Merged

Potential fix for code scanning alert no. 2: Workflow does not contain permissions#31
lcmen merged 1 commit into
mainfrom
alert-autofix-2

Conversation

@lcmen

@lcmen lcmen commented Jul 1, 2026

Copy link
Copy Markdown
Owner

Potential fix for https://github.com/lcmen/compartment/security/code-scanning/2

Add an explicit permissions block to .github/workflows/ci.yml at the workflow root so it applies to all jobs (currently just build).
For this workflow, the minimal safe baseline is:

  • contents: read

This supports actions/checkout and keeps token scope least-privileged for build/test operations. No imports, methods, or dependencies are needed; just a YAML edit near the top of the file (after on: block and before jobs:).

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@lcmen lcmen marked this pull request as ready for review July 1, 2026 15:33
@lcmen lcmen merged commit c13e710 into main Jul 1, 2026
4 checks passed
@lcmen lcmen deleted the alert-autofix-2 branch July 1, 2026 15:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant