Skip to content

Potential fix for code scanning alert no. 1: Workflow does not contain permissions#17

Merged
katastrofh merged 1 commit into
mainfrom
alert-autofix-1
Jun 14, 2026
Merged

Potential fix for code scanning alert no. 1: Workflow does not contain permissions#17
katastrofh merged 1 commit into
mainfrom
alert-autofix-1

Conversation

@katastrofh

Copy link
Copy Markdown
Owner

Potential fix for https://github.com/katastrofh/SNARK_LAB/security/code-scanning/1

Add an explicit permissions block at the workflow root so all jobs inherit least-privilege defaults. For this workflow, contents: read is the minimal and appropriate scope (needed for actions/checkout). This preserves existing behavior while constraining token access.

Where to change: .github/workflows/production-readiness.yml, near the top-level keys (after on: block and before jobs: is a clear location).

What to add:

  • YAML key:
    • permissions:
    • contents: read

No imports, methods, or dependencies are needed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@katastrofh katastrofh marked this pull request as ready for review June 14, 2026 09:40
@katastrofh katastrofh merged commit 9aa8eae into main Jun 14, 2026
10 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant