fix: add security-events write permission for SARIF upload

joaquinbejar · joaquinbejar · commit d7522e251d65 · 2026-02-02T10:56:39.000+01:00
The CodeQL/Trivy SARIF upload requires security-events: write permission
to upload scan results to GitHub Security tab.
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
@@ -9,6 +9,10 @@ on:
     # Run weekly on Mondays at 00:00 UTC
     - cron: "0 0 * * 1"
 
+permissions:
+  contents: read
+  security-events: write
+
 env:
   CARGO_TERM_COLOR: always
 
