Limit workflow action's access

cowtowncoder · cowtowncoder · commit 57c933ceebc7 · 2022-07-10T17:46:43.000-07:00
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -21,6 +21,8 @@ on:
     paths-ignore:
     - "README.md"
     - "release-notes/*"
+  permissions:
+    contents: read
 
 jobs:
   analyze:
