fix: ensure safer workflow permissions (CKV2_GHA_1)

Signed-off-by: Lucas Larson <[email protected]>
LucasLarson · Apr 27, 2024 · 116b5f3 · 116b5f3
1 parent f4eba15
commit 116b5f3
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 0 deletions.
diff --git a/.github/workflows/changelog.yml b/.github/workflows/changelog.yml
@@ -6,6 +6,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 # cancel any in-progress job or run
 concurrency:
   group: ${{ github.ref }}

diff --git a/.github/workflows/jsonlint.yml b/.github/workflows/jsonlint.yml
@@ -6,6 +6,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 jobs:
   format-json:
     name: Format JSON files and create a pull request

diff --git a/.github/workflows/shellcheck-markdown.yml b/.github/workflows/shellcheck-markdown.yml
@@ -4,6 +4,9 @@ name: Shellcheck code in Markdown
 on:
   push:
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest