workflow: declare trivy's permissions within the job

tkatila · tkatila · commit 7e24d428d92b · 2024-12-17T10:30:52.000+02:00
Signed-off-by: Tuomas Katila &lt;tuomas.katila@intel.com&gt;
diff --git a/.github/workflows/trivy-periodic.yaml b/.github/workflows/trivy-periodic.yaml
@@ -6,15 +6,12 @@ on:
     branches:
       - main
 
-permissions:
-  contents: read
-  security-events: write
-  actions: read
-
 jobs:
   trivy-scan-vulns:
     permissions:
+      contents: read
       security-events: write
+      actions: read
     runs-on: ubuntu-24.04
     name: Scan vulnerabilities
     steps:
