Fix permissions in PR osv-scanner

google · Nov 1, 2023 · 3f2a95a · 3f2a95a
1 parent 5a02f6c
commit 3f2a95a
Showing 1 changed file with 5 additions and 2 deletions.
diff --git a/docs/github-action.md b/docs/github-action.md
@@ -42,8 +42,11 @@ on:
   merge_group:
     branches: [ main ]
 
-# Declare default permissions as read only.
-permissions: read-all
+permissions:
+  # Require writing security events to upload SARIF file to security tab
+  security-events: write
+  # Only need to read contents
+  contents: read
 
 jobs:
   scan-pr: