From b0f75c6d4660fb1ab1117a1edfb5e46957716c68 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Stormacq?= <sebastien.stormacq@gmail.com>
Date: Sat, 27 Sep 2025 12:08:00 +0200
Subject: [PATCH] add compliance to security check CKV2_GHA_1

---
 .github/workflows/pull_request.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
index dcb9db0..d4be676 100644
--- a/.github/workflows/pull_request.yml
+++ b/.github/workflows/pull_request.yml
@@ -4,6 +4,9 @@ on:
   pull_request:
     types: [opened, reopened, synchronize]
 
+# As per Checkov CKV2_GHA_1
+permissions: read-all
+
 jobs:
   soundness:
     name: Soundness