Potential fix for code scanning alert no. 5: Workflow does not contain permissions (#48)

CorentinGS · github-advanced-security[bot] · web-flow · commit a2eb986e357a · 2025-07-07T12:16:37.000+02:00
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -28,6 +28,8 @@ jobs:
   test:
     runs-on: ubuntu-latest
     needs: setup
+    permissions:
+      contents: read
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
@@ -54,6 +56,8 @@ jobs:
   vulncheck:
     runs-on: ubuntu-latest
     needs: test
+    permissions:
+      contents: read
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
@@ -71,6 +75,9 @@ jobs:
     runs-on: ubuntu-latest
     needs: test  # Ensure changelog runs only if tests pass
     if: github.event_name == 'pull_request'  # Run only for pull requests
+    permissions:
+      contents: read
+      pull-requests: write
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
@@ -83,6 +90,8 @@ jobs:
   report-card:
     runs-on: ubuntu-latest
     needs: test  # Ensure report card runs only if tests pass
+    permissions:
+      contents: read
     steps:
       - name: Checkout code
         uses: actions/checkout@v3
