Skip to content

Potential fix for code scanning alert no. 1: Workflow does not contain permissions#1

Merged
adamy merged 1 commit into
mainfrom
alert-autofix-1
Jun 24, 2026
Merged

Potential fix for code scanning alert no. 1: Workflow does not contain permissions#1
adamy merged 1 commit into
mainfrom
alert-autofix-1

Conversation

@adamy

@adamy adamy commented Jun 24, 2026

Copy link
Copy Markdown
Owner

Potential fix for https://github.com/adamy/RedactWire/security/code-scanning/1

Add an explicit permissions block at the workflow root so all jobs inherit least-privilege token access unless overridden. For this CI workflow, contents: read is the minimal and appropriate permission for checkout/build/test.

Best single fix (no behavior change): in .github/workflows/ci.yml, insert:

permissions:
  contents: read

between the trigger section (on:) and env: (or anywhere at workflow root level). No imports, methods, or additional definitions are needed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@adamy adamy marked this pull request as ready for review June 24, 2026 00:39
@adamy adamy merged commit 090ca50 into main Jun 24, 2026
4 checks passed
@adamy adamy deleted the alert-autofix-1 branch June 24, 2026 08:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant