Update codeql-analysis.yml

Signed-off-by: sashashura <93376818+sashashura@users.noreply.github.com>
apache · Aug 29, 2022 · c3c9856 · c3c9856
1 parent 26f07ac
commit c3c9856
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -7,6 +7,9 @@ on:
     branches: [ trunk ]
   schedule:
     - cron: '0 3 * * *'
+
+permissions:
+  contents: read  # for actions/checkout to fetch code
 
 jobs:
   # Special job which skips duplicate jobs
@@ -33,7 +36,6 @@ jobs:
   analyze:
     permissions:
       actions: read  # for github/codeql-action/init to get workflow details
-      contents: read  # for actions/checkout to fetch code
       security-events: write  # for github/codeql-action/autobuild to send a status report
     name: Analyze
     runs-on: ubuntu-latest