From 8f2f80a13038baec752d57b97b266cd3d61ce5f4 Mon Sep 17 00:00:00 2001 From: Alb3e3 Date: Wed, 15 Jul 2026 00:28:25 +0200 Subject: [PATCH] ci: set read-only workflow token permissions --- .github/workflows/build-and-test.yml | 3 +++ .github/workflows/sca_scan.yml | 3 +++ 2 files changed, 6 insertions(+) diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml index eed92317a..1c3b7694b 100644 --- a/.github/workflows/build-and-test.yml +++ b/.github/workflows/build-and-test.yml @@ -6,6 +6,9 @@ on: push: branches: ["master", "main", "v3"] + +permissions: + contents: read jobs: gradle: runs-on: ubuntu-latest diff --git a/.github/workflows/sca_scan.yml b/.github/workflows/sca_scan.yml index 86239c076..7dddb3104 100644 --- a/.github/workflows/sca_scan.yml +++ b/.github/workflows/sca_scan.yml @@ -6,6 +6,9 @@ on: pull_request: branches: ["master"] + +permissions: + contents: read jobs: snyk-cli: uses: auth0/devsecops-tooling/.github/workflows/sca-scan.yml@main