Add security-events: write to zizmor caller workflow

tashian · claude · tashian · commit e8e7c785cfad · 2026-03-02T18:43:03.000-08:00
The caller workflow's permissions are the ceiling for reusable
workflows. The zizmor-action needs security-events: write to
upload SARIF results to GitHub Advanced Security.

Co-Authored-By: Claude Opus 4.6 &lt;noreply@anthropic.com&gt;
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
@@ -9,6 +9,7 @@ concurrency:
 
 permissions:
   contents: read
+  security-events: write
 
 jobs:
   zizmor:
