Commit f66af06

fix(security): add permissions block to PR security check workflow
1 parent 7cd11aa commit f66af06

1 file changed: +9 -2 lines changed

.github/workflows/pr-security-check.yml

Lines changed: 9 additions & 2 deletions
@@ -4,11 +4,18 @@ on:
44
pull_request:
55
branches: [ main, develop ]
66

7+
permissions:
8+
contents: read
9+
pull-requests: write
10+
711
jobs:
812
# Quick security scan for PRs
913
security-scan:
1014
name: 🔍 Security Scan
1115
runs-on: ubuntu-latest
16+
permissions:
17+
contents: read
18+
pull-requests: write
1219
steps:
1320
- name: Checkout code
1421
uses: actions/checkout@v4
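
Review bot: The job-level `permissions:` block added at new lines 16-18 under `security-scan` repeats the workflow-level block added at new lines 7-9 with identical values, so one of the two is redundant. Job-level permissions override the workflow-level setting for that job, so consider keeping the top level at `contents: read` only and granting `pull-requests: write` only on `security-scan`; a job added to this workflow later would then not receive write access to pull requests by default. A one-line comment next to `pull-requests: write` stating that it is needed for the PR comment step would also document why the write scope is there.
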
@@ -38,13 +45,13 @@ jobs:
3845
script: |
3946
const fs = require('fs');
4047
const path = require('path');
41-
48+
4249
try {
4350
const reportPath = path.join(process.env.GITHUB_WORKSPACE, 'target');
4451
if (fs.existsSync(reportPath)) {
4552
const files = fs.readdirSync(reportPath);
4653
const htmlFile = files.find(f => f.includes('dependency-check-report') && f.endsWith('.html'));
47-
54+
4855
if (htmlFile) {
4956
github.rest.issues.createComment({
5057
issue_number: context.issue.number,
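
Review bot: The only changed lines in this hunk (old 41 / new 48 and old 47 / new 54) are whitespace-only edits to blank lines inside the `script:` block and are unrelated to the permissions fix; drop them from this commit or move them to a separate formatting change so the security-relevant diff stays minimal. Separately, since the permissions added earlier in this patch exist so that `github.rest.issues.createComment({` at new line 56 can succeed, note that the call appears without `await` inside the `try`, so a rejected request (for example when the token is read-only, as it normally is for pull requests from forks) would not be handled by the surrounding `try`; awaiting the call would make that failure visible in the step.
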
