Skip to content

Potential fix for code scanning alert no. 40: Workflow does not contain permissions#2787

Open
aramprice wants to merge 1 commit into
mainfrom
alert-autofix-40
Open

Potential fix for code scanning alert no. 40: Workflow does not contain permissions#2787
aramprice wants to merge 1 commit into
mainfrom
alert-autofix-40

Conversation

@aramprice

Copy link
Copy Markdown
Member

Potential fix for https://github.com/cloudfoundry/bosh/security/code-scanning/40

Add an explicit permissions block in .github/workflows/go.yml at the workflow root so it applies to all jobs unless overridden. For this lint-only workflow, contents: read is the minimal appropriate permission and aligns with CodeQL’s recommendation.

Best single fix without changing functionality:

  • Edit .github/workflows/go.yml
  • Insert after the on: declaration (before jobs:):
    • permissions:
    • contents: read

No imports, methods, or extra definitions are needed (YAML workflow file only).

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…in permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@linux-foundation-easycla

linux-foundation-easycla Bot commented Jul 16, 2026

Copy link
Copy Markdown

CLA Signed
The committers listed above are authorized under a signed CLA.

  • ✅ login: aramprice / name: aram price (075cfdb)

@aramprice
aramprice requested a review from Copilot July 16, 2026 22:46
@aramprice
aramprice marked this pull request as ready for review July 16, 2026 22:47

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@aramprice

Copy link
Copy Markdown
Member Author

/easycla

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Development

Successfully merging this pull request may close these issues.

2 participants