ci: fix osv-scanner action

Signed-off-by: zirain <[email protected]>
envoyproxy · Jun 11, 2024 · 727f735 · 727f735
1 parent 242d69f
commit 727f735
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
@@ -1,5 +1,9 @@
 name: OSV-Scanner
 
+# Restrict jobs in this workflow to have no permissions by default; permissions
+# should be granted per job as needed using a dedicated `permissions` block
+permissions: {}
+
 on:
   pull_request:
     branches:
@@ -11,10 +15,7 @@ on:
     branches:
     - "main"
   schedule:
-  - cron: '44 15 * * 5'
-
-permissions:
-  contents: read
+    - cron: '44 15 * * 5'
 
 jobs:
   scan-scheduled: