Refine permissions in CodeQL workflow

The "read-all" permission has been removed from the CodeQL workflow. Instead, the workflow now includes a specific read permission for contents, ensuring a more precise and secure access level.
2024-11-09 15:52:54 +01:00 · 2024-03-17 19:28:06 +01:00 · 2024-03-17 19:28:06 +01:00 · 4bc210f1ab
commit 4bc210f1ab
parent b36aeeeab6
1 changed files with 2 additions and 1 deletions
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@ -23,7 +23,8 @@ on:
  schedule:
    - cron: '31 14 * * 1'

-permissions: read-all
+permissions:
+  contents: read

 jobs:
  analyze: