Skip to content

Commit

Permalink
Add permissions to Brakeman job
Browse files Browse the repository at this point in the history 
Adds permissions for Brakeman workflow to upload findings to GitHub Code Scanning within this repository. This will enhance visibility within GitHub UI, with findings displayed similarly to CodeQL. An example can be viewed [here](alphagov/support-api#932). 

This PR will be reviewed and merged by the Platform Security and Reliability team. Any questions or concerns, please reach out in our channel: #govuk-platform-security-reliability-team.

GOV.UK Infrastructure PR dependent on this: [Link](alphagov/govuk-infrastructure#1238).

[Trello card](https://trello.com/c/AFw2LOkY/3457-integrate-brakeman-findings-with-github-code-scanning-5)
  • Loading branch information
@MuriloDalRi
MuriloDalRi committed Apr 11, 2024
1 parent 7a14a22 commit 6b6fb0e
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions .github/workflows/ci.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,11 @@ jobs:
security-analysis:
name: Security Analysis
uses: alphagov/govuk-infrastructure/.github/workflows/brakeman.yml@main
secrets: inherit
permissions:
contents: read
security-events: write
actions: read

lint-scss:
name: Lint SCSS
Expand Down

0 comments on commit 6b6fb0e

Please sign in to comment.