Refine permissions in CodeQL workflow

The "read-all" permission has been removed from the CodeQL workflow. Instead, the workflow now includes a specific read permission for contents, ensuring a more precise and secure access level.
This commit is contained in:
Winni Neessen 2024-03-17 19:28:06 +01:00
parent b36aeeeab6
commit 4bc210f1ab
Signed by: wneessen
GPG key ID: 5F3AF39B820C119D

View file

@ -23,7 +23,8 @@ on:
schedule: schedule:
- cron: '31 14 * * 1' - cron: '31 14 * * 1'
permissions: read-all permissions:
contents: read
jobs: jobs:
analyze: analyze: