From 3f2a95ae1c6251412179f57508ce34c0827a8cdf Mon Sep 17 00:00:00 2001
From: Rex P <rexpan@google.com>
Date: Wed, 1 Nov 2023 15:14:46 +1100
Subject: [PATCH] Fix permissions in PR osv-scanner

---
 docs/github-action.md | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/docs/github-action.md b/docs/github-action.md
index ef3d757d771..62bc7f05bcf 100644
--- a/docs/github-action.md
+++ b/docs/github-action.md
@@ -42,8 +42,11 @@ on:
   merge_group:
     branches: [ main ]
 
-# Declare default permissions as read only.
-permissions: read-all
+permissions:
+  # Require writing security events to upload SARIF file to security tab
+  security-events: write
+  # Only need to read contents
+  contents: read
 
 jobs:
   scan-pr: