
Potential fix for code scanning alert no. 1: Workflow does not contain permissions #31

Merged: olstakh merged 1 commit into main from alert-autofix-1 on Apr 29, 2026


Conversation

@olstakh (Owner) commented Apr 29, 2026

Potential fix for https://github.com/olstakh/XUnit-v3-IntegrationTesting/security/code-scanning/1

Add an explicit permissions block to the workflow so GITHUB_TOKEN is minimally scoped.
Best fix: define workflow-level permissions right after on: (or after name:/event block), setting contents: read. This preserves current functionality (checkout still works) and prevents unintended write access if repository/org defaults are broader.

File to change: .github/workflows/pr.yml
Specific change: Insert:

permissions:
  contents: read

at the top level before jobs:.

No imports, methods, or dependencies are needed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@olstakh olstakh marked this pull request as ready for review April 29, 2026 04:02
@olstakh olstakh merged commit 50c6d62 into main Apr 29, 2026
5 checks passed
@olstakh olstakh deleted the alert-autofix-1 branch April 29, 2026 05:19
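
A local check in the spirit of the alert this PR addresses, as an added example that is not part of the PR or the project's code: it reports jobs that have neither a workflow-level nor a job-level `permissions` key. The sample workflow, the `audit_workflow` name and the line-based parsing are assumptions made for illustration; it is not the code scanning query itself.

```python
import re

KEY = re.compile(r"^(\s*)([A-Za-z0-9_.-]+):\s*(.*)$")

# Constructed sample, not the repository's actual pr.yml.
BEFORE = """\
name: PR
on:
  pull_request:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: dotnet test
"""
# Same workflow with the block from the PR description inserted before jobs:.
AFTER = BEFORE.replace("jobs:", "permissions:\n  contents: read\njobs:", 1)

def audit_workflow(text):
    """List jobs whose GITHUB_TOKEN scope falls back to repo/org defaults.

    Line-based approximation for block-style YAML only.
    """
    top_perms, jobs = None, {}      # jobs: name -> has its own permissions key
    in_jobs, job_indent, key_indent, current = False, None, None, None
    for raw in text.splitlines():
        m = KEY.match(raw.split(" #", 1)[0].rstrip())   # drop trailing comments
        if not m:
            continue                 # list items, comments, blank lines
        indent, key, value = len(m.group(1)), m.group(2), m.group(3)
        if indent == 0:              # top-level key
            in_jobs, job_indent, key_indent, current = key == "jobs", None, None, None
            if key == "permissions":
                top_perms = value or "(mapping)"
        elif in_jobs:
            job_indent = indent if job_indent is None else job_indent
            if indent == job_indent:             # a job id
                current, key_indent = key, None
                jobs[current] = False
            elif current is not None:
                key_indent = indent if key_indent is None else key_indent
                if indent == key_indent and key == "permissions":
                    jobs[current] = True
    findings = []
    if top_perms == "write-all":
        findings.append("workflow: permissions is write-all")
    if top_perms is None:
        findings += [f"job '{j}': no permissions block" for j, ok in jobs.items() if not ok]
    return findings
```

Running `audit_workflow` over each file in `.github/workflows/` before a push gives the same signal locally; a job-level `permissions` key also clears the finding for that job.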