Skip to content

Potential fix for code scanning alert no. 5: Workflow does not contain permissions#27

Merged
nnicora merged 3 commits into
mainfrom
alert-autofix-5
Jul 18, 2025
Merged

Potential fix for code scanning alert no. 5: Workflow does not contain permissions#27
nnicora merged 3 commits into
mainfrom
alert-autofix-5

Conversation

@nnicora

@nnicora nnicora commented Jun 21, 2025

Copy link
Copy Markdown
Contributor

Potential fix for https://github.com/openkcm/plugin-sdk/security/code-scanning/5

To fix the issue, we will add a permissions block at the root of the workflow. This block will define the minimal permissions required for the workflow to function securely. Based on the context, the workflow likely needs read access to repository contents and possibly write access to pull requests (if it interacts with pull requests). We will set contents: read and pull-requests: write as a starting point. If additional permissions are required, they can be added later.


Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@github-actions

github-actions Bot commented Jun 21, 2025

Copy link
Copy Markdown

The latest Buf updates on your PR. Results from workflow Buf CI / buf (pull_request).

BuildFormatLintBreakingUpdated (UTC)
✅ passed✅ passed✅ passed✅ passedJul 15, 2025, 8:07 PM

@nnicora nnicora marked this pull request as ready for review July 15, 2025 20:06
@sonarqubecloud

Copy link
Copy Markdown

@nnicora nnicora merged commit 03da97f into main Jul 18, 2025
9 checks passed
@nnicora nnicora deleted the alert-autofix-5 branch July 18, 2025 10:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants