From f78e23c19de6d564883c07e34c2340f14f797048 Mon Sep 17 00:00:00 2001
From: shubham malik
Date: Thu, 13 Jan 2022 11:12:14 +0530
Subject: [PATCH 1/2] Update trivy.yml
---
 code-scanning/trivy.yml | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/code-scanning/trivy.yml b/code-scanning/trivy.yml
index f778492b98..307950e6de 100644
--- a/code-scanning/trivy.yml
+++ b/code-scanning/trivy.yml
@@ -14,8 +14,13 @@ on:
 schedule:
 - cron: $cron-weekly
+permissions: read-all
+
 jobs:
 build:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
 name: Build
 runs-on: "ubuntu-18.04"
 steps:
From 3b8f20ff6ffebfd48548a91beae21864b3bc56d9 Mon Sep 17 00:00:00 2001
From: Shubham malik
Date: Wed, 26 Jan 2022 22:42:19 +0530
Subject: [PATCH 2/2] updated permission
---
 code-scanning/trivy.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/code-scanning/trivy.yml b/code-scanning/trivy.yml
index 307950e6de..3d5373f22c 100644
--- a/code-scanning/trivy.yml
+++ b/code-scanning/trivy.yml
@@ -14,7 +14,8 @@ on:
 schedule:
 - cron: $cron-weekly
-permissions: read-all
+permissions:
+ contents: read
 jobs:
 build:
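Review bot: The job-level `permissions` block added under `build` in patch 1/2 is missing `actions: read`, which github/codeql-action/upload-sarif needs when the workflow runs in a private repository. A job-level block sets every scope it does not list to none, so with only `contents: read` and `security-events: write` the SARIF upload would presumably fail there. I would add `actions: read # only needed in private repositories, for github/codeql-action/upload-sarif to read the run status` to the block. The upload step is outside the hunk and is known here only from the inline comment, so confirm against the full file.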
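Review bot: The workflow-level `permissions` block in patch 2/2 carries no comment, unlike the job-level entries, and in a template that people copy it is easy to misread as adding to the `build` job's token scopes. A job that declares its own `permissions` replaces the workflow default rather than merging with it, so this block only affects jobs added later. I would write `contents: read # default for jobs that do not declare their own permissions`.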