Commit 64480dd
Potential fix for code scanning alert no. 3: Workflow does not contain permissions (#214)
Potential fix for
[https://github.com/microsoft/azure-devops-mcp/security/code-scanning/3](https://github.com/microsoft/azure-devops-mcp/security/code-scanning/3)
To fix the issue, add a `permissions` block to the workflow to
explicitly define the minimum required permissions for each job. Since
the jobs in this workflow only need to read repository contents and do
not perform write operations, the `contents: read` permission is
sufficient. This change ensures that the `GITHUB_TOKEN` has limited
access, reducing the risk of unintended repository modifications.
The `permissions` block can be added at the root level of the workflow
to apply to all jobs or within each job to define permissions specific
to that job. In this case, adding it at the root level is more concise
and effective.
---
_Suggested fixes powered by Copilot Autofix. Review carefully before
merging._
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
1 parent be50805 commit 64480dd
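As an added illustration of the root-level versus job-level placement the commit message describes, here is a minimal workflow with the weak setting (no `permissions` key) followed by the hardened form. This is example configuration written for this page, not the repository's own workflow file: the workflow name, job names, steps and the `publish` job are assumptions, and the two documents are separated by a YAML `---` marker only so they can be read side by side (each would live in its own file under `.github/workflows/`).

```yaml
# Added example, not the project's workflow. Names, jobs and steps are assumed.
#
# BEFORE: no `permissions` key anywhere. GITHUB_TOKEN receives the repository's
# default scope set, which on repositories still using the permissive default is
# read/write on most scopes, far more than a build-and-test job needs.
name: ci (before)
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
---
# AFTER: a root-level block grants only `contents: read` to every job. Naming
# one scope sets every other scope (issues, pull-requests, packages, ...) to
# none; `metadata: read` is always granted and does not need to be listed.
name: ci (after)
on: [push, pull_request]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm ci && npm test
  # A job that must write has to declare it itself. A job-level block REPLACES
  # the root block for that job rather than merging with it, so `contents: read`
  # is repeated here or checkout would lose its read access.
  publish:
    needs: build
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4
      - run: echo "publish step goes here"   # placeholder step, assumed
```

Either placement clears the "workflow does not contain permissions" alert, but the root-level block is the safer default because any job added later inherits the read-only token instead of the repository default. Note that on `pull_request` runs triggered from a fork the token is read-only regardless of what the workflow declares, so a write scope that only works on `push` should be gated the way the `publish` job above is.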
1 file changed
Lines changed: 3 additions & 0 deletions
Diff (the changed lines' content was not captured on this page, only the line numbers): three lines were added after original line 10, appearing as new lines 11-13; original lines 8-10 and 11-13 (now 14-16) are unchanged context.
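Review bot: the three added lines are not rendered here, so check the file itself to confirm they are exactly the root-level `permissions:` / `contents: read` block the commit message describes and nothing else. Because a root-level block listing only `contents: read` sets every other `GITHUB_TOKEN` scope to none, any job in this workflow that uploads code-scanning results, writes check runs, comments on pull requests or publishes a package will start failing with a 403 after this change unless it carries its own job-level `permissions:` block; a job-level block replaces the root block rather than extending it, so such a job must also repeat `contents: read` for checkout to keep working.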
0 commit comments