Skip to content

fix: add actions:read permission for OSV-Scanner#80

Merged
magnonta merged 1 commit into
mainfrom
fix/security-workflow-permissions
May 18, 2026
Merged

fix: add actions:read permission for OSV-Scanner#80
magnonta merged 1 commit into
mainfrom
fix/security-workflow-permissions

Conversation

@magnonta
Copy link
Copy Markdown
Contributor

@magnonta magnonta commented May 18, 2026

The OSV-Scanner reusable workflow needs actions: read permission. Added to the top-level permissions block.

@magnonta
fix: add actions:read permission for OSV-Scanner workflow
06ca732 
The reusable workflow requires actions:read to function.
Copilot AI review requested due to automatic review settings May 18, 2026 20:41
@magnonta magnonta requested a review from cayohollanda as a code owner May 18, 2026 20:41
@magnonta magnonta added the ci-cd Pipeline, workflows, or tooling label May 18, 2026
@magnonta magnonta merged commit 18e8389 into main May 18, 2026
@github-advanced-security
Copy link
Copy Markdown

github-advanced-security AI commented May 18, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

Copilot AI reviewed May 18, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds the missing actions: read permission to the repository’s security scanning workflow so the OSV-Scanner reusable workflow can run with the required token scope.

Changes:

  • Update .github/workflows/security.yml top-level permissions to include actions: read.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@cayohollanda cayohollanda Awaiting requested review from cayohollanda cayohollanda is a code owner

Assignees

No one assigned

Labels

ci-cd Pipeline, workflows, or tooling

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@magnonta @github-advanced-security