Skip to content

security: add permissions to GitHub Actions workflows#242

Open
ujwalsah wants to merge 3 commits into
masterfrom
fix/add-workflow-permissions
Open

security: add permissions to GitHub Actions workflows#242
ujwalsah wants to merge 3 commits into
masterfrom
fix/add-workflow-permissions

Conversation

@ujwalsah

@ujwalsah ujwalsah commented May 5, 2026

Copy link
Copy Markdown

Summary

  • Add explicit permissions: contents: read to all workflow files missing a permissions block
  • Follows the principle of least privilege for GitHub Actions tokens
  • Resolves CodeQL alert actions/missing-workflow-permissions (NR-560112)

Test plan

  • Verify CI workflows still pass with the new permissions block
  • Confirm CodeQL alert is resolved after merge

Add explicit `permissions: contents: read` to all workflow files
that were missing a permissions block. This follows the principle of
least privilege and resolves CodeQL alert actions/missing-workflow-permissions.

Resolves: NR-560112
@ujwalsah ujwalsah requested a review from a team as a code owner May 5, 2026 08:46
The automated_release workflow creates commits to update the changelog.
The prerelease workflow uses GITHUB_TOKEN to upload release assets.
sairaj18
sairaj18 previously approved these changes May 20, 2026
The reusable_security.yaml workflow requires security-events: write
to upload SARIF results.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants