From b7c4cacacaf2995e8c11a5400822f25cc6bad2d6 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 9 Dec 2025 21:33:54 +0000
Subject: [PATCH 1/5] Initial plan
From 1e4be4cf287b1ed4e839c0f64603d9b6236758ce Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 9 Dec 2025 21:36:45 +0000
Subject: [PATCH 2/5] Add complete GitHub Actions workflow structure to codacy.yml
Co-authored-by: LukeLarge <162439255+LukeLarge@users.noreply.github.com>
---
 .github/workflows/codacy.yml | 65 +++++++++++++++++++-----------------
 1 file changed, 35 insertions(+), 30 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index fc682e81e69..c7c4ae29dfd 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -1,30 +1,35 @@
- - name: defectdojo findings threshold
- # You may pin to the exact commit or the version.
- # uses: portswigger-cloud/defectdojo-findings-thresholds@d61c4c6fe732eded4828e76dd538098b48b7d245
- uses: portswigger-cloud/defectdojo-findings-thresholds@v1.0.1
- with:
- # the url of your defectdojo instance
- defectdojo-url: ${{ secrets.DEFECTDOJO_URL }}
- # the username to login into your defectdojo instance
- defectdojo-username: ${{ secrets.DEFECTDOJO_USERNAME }}
- # the password to login into your defectdojo instance
- defectdojo-password: ${{ secrets.DEFECTDOJO_PASSWORD }}
- # the defectdojo product that the scan result relates to
- defectdojo-product: 'your-product-name'
- # the file path for a client side certificate if required
- client-certificate-file-path: # optional
- # the file path for a client side private key if required
- client-key-file-path: # optional
- # total findings threshold
- total-threshold: # optional, default is false
- # critical findings threshold
- critical-threshold: # optional, default is false
- # high findings threshold
- high-threshold: # optional, default is false
- # medium findings threshold
- medium-threshold: # optional, default is false
- # low findings threshold
- low-threshold: # optional, default is false
- # info findings threshold
- info-threshold: # optional, default is false
-
+name: DefectDojo Findings Threshold
+on: [push, pull_request]
+jobs:
+ check-findings:
+ runs-on: ubuntu-latest
+ steps:
+ - name: defectdojo findings threshold
+ # You may pin to the exact commit or the version.
+ # uses: portswigger-cloud/defectdojo-findings-thresholds@d61c4c6fe732eded4828e76dd538098b48b7d245
+ uses: portswigger-cloud/defectdojo-findings-thresholds@v1.0.1
+ with:
+ # the url of your defectdojo instance
+ defectdojo-url: ${{ secrets.DEFECTDOJO_URL }}
+ # the username to login into your defectdojo instance
+ defectdojo-username: ${{ secrets.DEFECTDOJO_USERNAME }}
+ # the password to login into your defectdojo instance
+ defectdojo-password: ${{ secrets.DEFECTDOJO_PASSWORD }}
+ # the defectdojo product that the scan result relates to
+ defectdojo-product: 'your-product-name'
+ # the file path for a client side certificate if required
+ client-certificate-file-path: # optional
+ # the file path for a client side private key if required
+ client-key-file-path: # optional
+ # total findings threshold
+ total-threshold: # optional, default is false
+ # critical findings threshold
+ critical-threshold: # optional, default is false
+ # high findings threshold
+ high-threshold: # optional, default is false
+ # medium findings threshold
+ medium-threshold: # optional, default is false
+ # low findings threshold
+ low-threshold: # optional, default is false
+ # info findings threshold
+ info-threshold: # optional, default is false
From c7037ce9411b3ea7f97dd2cccda9dcca8c1a1373 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 9 Dec 2025 21:38:53 +0000
Subject: [PATCH 3/5] Remove unused optional parameters for cleaner workflow file
Co-authored-by: LukeLarge <162439255+LukeLarge@users.noreply.github.com>
---
 .github/workflows/codacy.yml | 16 ----------------
 1 file changed, 16 deletions(-)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index c7c4ae29dfd..2b3b2999ad8 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
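Review bot: The new `uses:` line pins the third-party action to the mutable tag `@v1.0.1` even though the comment directly above it already carries the exact commit; tags can be moved after the fact, and this action is handed `secrets.DEFECTDOJO_*`, so the commit is the safer pin: `uses: portswigger-cloud/defectdojo-findings-thresholds@d61c4c6fe732eded4828e76dd538098b48b7d245 # v1.0.1`. Separately, the workflow runs `on: [push, pull_request]`, but repository secrets are not provided to `pull_request` runs coming from forks, so the three secret inputs would be empty on every external PR and the step would fail there. Limiting the trigger to `push` (or guarding the job with an `if:` on the event) avoids that, and the trigger should not be changed to `pull_request_target` later, since that would make the credentials reachable from PR-controlled code. The file is named `codacy.yml` but defines a DefectDojo check; a name matching the workflow would make the intent clearer.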
@@ -17,19 +17,3 @@ jobs:
 defectdojo-password: ${{ secrets.DEFECTDOJO_PASSWORD }}
 # the defectdojo product that the scan result relates to
 defectdojo-product: 'your-product-name'
- # the file path for a client side certificate if required
- client-certificate-file-path: # optional
- # the file path for a client side private key if required
- client-key-file-path: # optional
- # total findings threshold
- total-threshold: # optional, default is false
- # critical findings threshold
- critical-threshold: # optional, default is false
- # high findings threshold
- high-threshold: # optional, default is false
- # medium findings threshold
- medium-threshold: # optional, default is false
- # low findings threshold
- low-threshold: # optional, default is false
- # info findings threshold
- info-threshold: # optional, default is false
From e8f55e36f0ee044c2f8d8dd196f14f58a7342c8f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 9 Dec 2025 21:39:37 +0000
Subject: [PATCH 4/5] Add TODO comment for product name placeholder
Co-authored-by: LukeLarge <162439255+LukeLarge@users.noreply.github.com>
---
 .github/workflows/codacy.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 2b3b2999ad8..8308be6d5f1 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -16,4 +16,5 @@ jobs:
 # the password to login into your defectdojo instance
 defectdojo-password: ${{ secrets.DEFECTDOJO_PASSWORD }}
 # the defectdojo product that the scan result relates to
+ # TODO: Replace 'your-product-name' with the actual product name in DefectDojo
 defectdojo-product: 'your-product-name'
From 36183bf7af7b7392d9a30e0e41a1b47569676e0a Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Tue, 9 Dec 2025 21:41:12 +0000
Subject: [PATCH 5/5] Add explicit GITHUB_TOKEN permissions for security
Co-authored-by: LukeLarge <162439255+LukeLarge@users.noreply.github.com>
---
 .github/workflows/codacy.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 8308be6d5f1..ee1ffdd4a19 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -3,6 +3,8 @@ on: [push, pull_request]
 jobs:
 check-findings:
 runs-on: ubuntu-latest
+ permissions:
+ contents: read
 steps:
 - name: defectdojo findings threshold
 # You may pin to the exact commit or the version.
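Review bot: The added `permissions:` block is attached to the `check-findings` job only, so any job added to this workflow later would fall back to the repository's default GITHUB_TOKEN scopes; a workflow-level `permissions:` placed between `on:` and `jobs:` applies to every job, and the job-level block can remain as an override. No step in the visible workflow checks out the repository or calls the GitHub API — the only step is the DefectDojo action driven by its own secrets — so `contents: read` looks broader than this job needs and `permissions: {}` would be the tightest setting; confirm against the action's documentation before dropping the read scope.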