From f5b190c5eddba60dfe6143c118a9b0f84395d724 Mon Sep 17 00:00:00 2001 From: Mahmud Hussain Date: Wed, 13 Mar 2024 10:33:16 +0000 Subject: [PATCH] Add required permissions for integrating snyk with code scanning --- .github/workflows/ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 44c5a79e..4ddfcae4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -15,6 +15,10 @@ jobs: name: SNYK security analysis uses: alphagov/govuk-infrastructure/.github/workflows/snyk-security.yml@main secrets: inherit + permissions: + contents: read + security-events: write + actions: read codeql-sast: name: CodeQL SAST scan