vaultwarden
/
bitwarden-estensione-browser
mirror of https://github.com/bitwarden/browser
1
0
Fork 0
Code Issues 1 Releases Wiki Activity

Adjust scan permissions (#8513)

This commit is contained in:
Matt Bishop 2024-03-27 12:35:13 -04:00 committed by GitHub
parent e98d29d2c8
commit 14e8e34b2d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.github/workflows/scan.yml vendored
View File

@ -10,8 +10,6 @@ on:
pull_request_target: pull_request_target:
types: [opened, synchronize] types: [opened, synchronize]
permissions: read-all
jobs: jobs:
check-run: check-run:
name: Check PR run name: Check PR run
@ -22,6 +20,8 @@ jobs:
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
needs: check-run needs: check-run
permissions: permissions:
contents: read
pull-requests: write
security-events: write security-events: write
steps: steps:
@ -43,7 +43,7 @@ jobs:
additional_params: --report-format sarif --output-path . ${{ env.INCREMENTAL }} additional_params: --report-format sarif --output-path . ${{ env.INCREMENTAL }}
- name: Upload Checkmarx results to GitHub - name: Upload Checkmarx results to GitHub
uses: github/codeql-action/upload-sarif@8a470fddafa5cbb6266ee11b37ef4d8aae19c571 # v3.24.6 uses: github/codeql-action/upload-sarif@1b1aada464948af03b950897e5eb522f92603cc2 # v3.24.9
with: with:
sarif_file: cx_result.sarif sarif_file: cx_result.sarif
@ -51,6 +51,9 @@ jobs:
name: Quality scan name: Quality scan
runs-on: ubuntu-22.04 runs-on: ubuntu-22.04
needs: check-run needs: check-run
permissions:
contents: read
pull-requests: write
steps: steps:
- name: Check out repo - name: Check out repo