Skip to content

Potential fix for code scanning alert no. 1: Workflow does not contain permissions#8

Merged
randallmorse merged 1 commit into
mainfrom
alert-autofix-1
Sep 30, 2025
Merged

Potential fix for code scanning alert no. 1: Workflow does not contain permissions#8
randallmorse merged 1 commit into
mainfrom
alert-autofix-1

Conversation

@randallmorse

Copy link
Copy Markdown
Contributor

Potential fix for https://github.com/lets-qa/test-runner/security/code-scanning/1

To fix the issue, add a permissions block to the workflow to explicitly set the least privilege required. Since the workflow only checks out code and builds a Docker image, it only needs contents: read. The best practice is to add the permissions block at the root level (after the name: field and before on:), so it applies to the entire workflow. This involves editing .github/workflows/docker-image.yml to insert:

permissions:
  contents: read

on a new line after line 1.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@randallmorse randallmorse marked this pull request as ready for review September 30, 2025 23:26
@randallmorse randallmorse merged commit e89c3b6 into main Sep 30, 2025
3 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant