Potential fix for code scanning alert no. 1: Workflow does not contain permissions#410

Merged: garloff merged 1 commit into main from alert-autofix-1 on Dec 8, 2025
Conversation

@garloff (Member) commented Dec 8, 2025

Potential fix for https://github.com/SovereignCloudStack/calendar/security/code-scanning/1

To fix this problem, you should declare a permissions block to restrict the permissions of the GITHUB_TOKEN issued for this workflow/job to only what is necessary. Since the workflow deploys with actions-gh-pages, it needs permission to write to repository contents, so contents: write is required. Place this block either at the top level of the workflow or inside the specific job that does the deploy. For this workflow, adding it at the job level (to the default job under line 9) is preferred for clarity, but adding it at the top level achieves the same effect for a single-job workflow. In this case, update .github/workflows/yaml2ics.yml to insert:

permissions:
  contents: write

at the appropriate location. No imports, definitions, or other code changes are needed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Kurt Garloff <kurt@garloff.de>
@garloff garloff marked this pull request as ready for review December 8, 2025 13:56
@garloff garloff requested a review from a team as a code owner December 8, 2025 13:56
@garloff garloff self-assigned this Dec 8, 2025
@garloff garloff merged commit edcae3c into main Dec 8, 2025
4 checks passed
@garloff garloff deleted the alert-autofix-1 branch December 8, 2025 16:39
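The following workflow is an added example illustrating the fix the PR applies; it is not the calendar repository's own .github/workflows/yaml2ics.yml. Only the file name, the job-level placement, the actions-gh-pages deploy step and the `contents: write` scope come from the PR description; the job ID `default`, the trigger, the step names, the action versions and the build command are assumptions.

```yaml
# Added example (not the repository's own workflow file): a single-job
# GitHub Actions workflow of the shape the code-scanning alert describes,
# with the GITHUB_TOKEN permissions block placed at the job level.
name: yaml2ics

on:
  push:
    branches: [main]      # assumed trigger

jobs:
  default:                # job ID assumed
    runs-on: ubuntu-latest
    # Without this block the GITHUB_TOKEN receives the repository's default
    # permission set, which is what the "Workflow does not contain
    # permissions" alert flags. Declaring it explicitly limits the token to
    # the one scope the deploy step needs; every scope not listed here
    # (packages, id-token, pull-requests, ...) is set to none.
    permissions:
      contents: write     # actions-gh-pages pushes to the gh-pages branch
    steps:
      - uses: actions/checkout@v4              # assumed step
      - name: Build ICS files                  # assumed step
        run: ./build.sh                        # hypothetical build command
      - name: Deploy to GitHub Pages
        uses: peaceiris/actions-gh-pages@v4    # assumed version
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          publish_dir: ./public                # assumed output directory
```

For a single-job workflow, moving the same two lines to the top level (between `on:` and `jobs:`) is equivalent. Job-level placement scales better once a second job is added, because a job without its own block then falls back to the top-level or repository default rather than silently inheriting `contents: write`.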