using least privileges in workflows

Author: timbastin

.github/workflows/devguard-scanner.yaml

@@ -6,6 +6,12 @@ on:
   workflow_dispatch:
   push:
 
+permissions:
+  contents: read
+  actions: read
+  security-events: write
+  packages: write
+
 
 jobs:
   golangci:

.github/workflows/postgresql.yaml

@@ -5,6 +5,10 @@ on:
     tags:
     - '*'
 
+permissions:
+  contents: read
+  packages: write
+
 # There is a single job in this workflow. It's configured to run on the latest available version of Ubuntu.
 jobs:
   # Docker image build job

.github/workflows/vulndb.yaml

@@ -5,6 +5,10 @@ on:
   schedule:
     - cron: '0 */6 * * *' # every hour
 
+permissions:
+  contents: read
+  packages: write
+
 env:
   POSTGRES_DB: devguard
   POSTGRES_USER: devguard