From aef938964d0fc421517547cd58482ca53f94b8b8 Mon Sep 17 00:00:00 2001
From: Chaminda Divitotawela
Date: Tue, 18 Jun 2024 11:42:50 +1000
Subject: [PATCH] fix: workflow permission to upload trivy sarif report (#7234)
Trivy scan result upload to GitHub fails due to permission issue. Added permission security-events=write to the workflow file as a fix. Since workflow permission explicitly defined, it requires contents=read explicity set as well
Signed-off-by: Chaminda Divitotawela
---
 .github/workflows/container-security-scan.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/container-security-scan.yml b/.github/workflows/container-security-scan.yml
index 85065c828c..f945d13220 100644
--- a/.github/workflows/container-security-scan.yml
+++ b/.github/workflows/container-security-scan.yml
@@ -14,6 +14,9 @@ on:
 jobs:
 scan-sarif:
 runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ security-events: write
 steps:
 - name: Checkout