Skip to content

Potential fix for code scanning alert no. 5: Workflow does not contain permissions#28

Merged
locus313 merged 1 commit into
mainfrom
alert-autofix-5
Jun 14, 2026
Merged

Potential fix for code scanning alert no. 5: Workflow does not contain permissions#28
locus313 merged 1 commit into
mainfrom
alert-autofix-5

Conversation

@locus313

Copy link
Copy Markdown
Owner

Potential fix for https://github.com/locus313/ssh-key-sync/security/code-scanning/5

Add an explicit permissions block in .github/workflows/release.yml to enforce least privilege.

Best single fix (without changing functionality): define workflow-level permissions right after on: so all jobs inherit it. This workflow needs:

  • contents: write (required for pushing tags and creating releases)
    No additional scopes are required by the shown steps.

Edit region:

  • .github/workflows/release.yml, insert permissions: between on: block and jobs: block.

No imports, methods, or dependencies are needed (YAML config only).

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@locus313 locus313 marked this pull request as ready for review June 14, 2026 02:24
@locus313 locus313 merged commit b0d8082 into main Jun 14, 2026
7 checks passed
@locus313 locus313 deleted the alert-autofix-5 branch June 14, 2026 02:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant