Skip to content

Potential fix for code scanning alert no. 23: Workflow does not contain permissions#2788

Open
aramprice wants to merge 1 commit into
mainfrom
alert-autofix-23
Open

Potential fix for code scanning alert no. 23: Workflow does not contain permissions#2788
aramprice wants to merge 1 commit into
mainfrom
alert-autofix-23

Conversation

@aramprice

Copy link
Copy Markdown
Member

Potential fix for https://github.com/cloudfoundry/bosh/security/code-scanning/23

Add an explicit top-level permissions block in .github/workflows/ruby.yml so all jobs inherit least-privilege defaults.
Best fix (without changing functionality): set:

  • contents: read

This is sufficient for actions/checkout and test execution in this workflow. Place it near the top of the file (after on: is conventional), so both unit_specs and unit_specs-director inherit it automatically. No imports, methods, or additional definitions are needed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…in permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@linux-foundation-easycla

linux-foundation-easycla Bot commented Jul 16, 2026

Copy link
Copy Markdown

CLA Signed
The committers listed above are authorized under a signed CLA.

  • ✅ login: aramprice / name: aram price (0359cd7)

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@aramprice

Copy link
Copy Markdown
Member Author

/easycla

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Development

Successfully merging this pull request may close these issues.

2 participants