Merge pull request #1934 from tkatila/tune-trivy-permissions

mythi · web-flow · commit 2da4a974100d · 2024-12-17T13:46:50.000+02:00
workflow: declare trivy's permissions within the job
diff --git a/.github/workflows/trivy-periodic.yaml b/.github/workflows/trivy-periodic.yaml
@@ -6,15 +6,12 @@ on:
     branches:
       - main
 
-permissions:
-  contents: read
-  security-events: write
-  actions: read
-
 jobs:
   trivy-scan-vulns:
     permissions:
+      contents: read
       security-events: write
+      actions: read
     runs-on: ubuntu-24.04
     name: Scan vulnerabilities
     steps:
