
Tighten up github actions security #206

Workflow file for this run

```yaml
# Reusable Workflows see: https://github.com/entur/gha-security/blob/main/README-code-scan.md
name: CodeQL Scan
on:
  pull_request:
    branches:
      - "master"
  push:
    branches:
      - "master"
  schedule:
    - cron: "0 3 * * MON" # Run Monday at 3AM UTC
jobs:
  code-scan:
    name: CodeQL Scan
    uses: entur/gha-security/.github/workflows/code-scan.yml@v2
    permissions:
      contents: read
      security-events: write
      actions: read
      pull-requests: read
    with:
      use_setup_java: true
      use_maven_cache: true
      java_version: "25"
```

Check failure on line 16 in .github/workflows/codeql.yml

GitHub Actions / CodeQL Scan

Invalid workflow file

The workflow is not valid.
.github/workflows/codeql.yml (Line: 16, Col: 3): Error calling workflow 'entur/gha-security/.github/workflows/code-scan.yml@v2'. The nested job 'upload-cached-results' is requesting 'contents: write', but is only allowed 'contents: read'.
.github/workflows/codeql.yml (Line: 16, Col: 3): Error calling workflow 'entur/gha-security/.github/workflows/code-scan.yml@v2'. The nested job 'semgrep-analysis' is requesting 'contents: write', but is only allowed 'contents: read'.
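What the annotation is saying: the `code-scan` job calls a reusable workflow, and a caller's `permissions` block is the ceiling for every job inside the called workflow. The callee may downgrade the GITHUB_TOKEN it is handed, never elevate it. This PR tightened the caller to `contents: read`, but two jobs in entur/gha-security's code-scan.yml (`upload-cached-results` and `semgrep-analysis`) declare `contents: write`, so GitHub rejects the file at validation time, before any job runs. From the caller side the only way to satisfy the check is to grant `contents: write` on the `code-scan` job; trimming what the nested jobs ask for is up to the reusable workflow's maintainers. The page does not show which route the PR took.

The script below is an added example, not code from this PR or from entur/gha-security. It applies the same ceiling rule locally so the mismatch is caught before a push, and also reports caller scopes granted above anything the nested jobs declare, which is the least-privilege direction a "tighten up" PR wants. The caller text is the `jobs:` section of the file on this page; the callee text is a constructed sketch that takes only the two job ids and their `contents: write` requests from the error message (the extra `security-events: write` scope and the omission of steps are assumptions, so the `excess` output says nothing about the real reusable workflow). `parse_permissions` is a deliberately small indentation scan of `permissions:` blocks, not a YAML parser, so it needs no third-party package.

```python
"""Local check for the failure on this page: a caller job that `uses:` a reusable
workflow must grant at least the GITHUB_TOKEN permissions each nested job requests;
the callee can only downgrade the caller's grant, never elevate it."""

LEVELS = {"none": 0, "read": 1, "write": 2}   # ascending privilege


def parse_permissions(text):
    """Return (workflow_level, {job_id: job_level_or_None}) from workflow YAML.
    Minimal indentation scan of `permissions:` blocks at top level and under
    `jobs.<id>`; `read-all`/`write-all` become a "*" wildcard scope."""
    top, jobs, section, job, target = None, {}, None, None, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()                 # drop comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        value = value.strip().strip("\"'")
        if target is not None and indent == target[1] and value:
            target[0][key] = value                            # `scope: level`
            continue
        target = None
        block = {"*": value[:-4]} if value in ("read-all", "write-all") else {}
        if indent == 0:
            section, job = key, None
            if key == "permissions":
                top, target = block, (None if value else (block, 2))
        elif section == "jobs" and indent == 2:
            job, jobs[key] = key, None
        elif section == "jobs" and indent == 4 and job and key == "permissions":
            jobs[job], target = block, (None if value else (block, 6))
    return top, jobs


def check_reusable_call(caller_yaml, caller_job, called_yaml):
    """GitHub's rule for `jobs.<id>.uses`.  Returns (errors, excess): errors are
    (nested_job, scope, requested, granted) tuples GitHub rejects; excess lists
    caller scopes granted above anything a nested job declares (empty when some
    nested job declares none, since it then inherits the caller's whole grant)."""
    top, jobs = parse_permissions(caller_yaml)
    granted = top if jobs[caller_job] is None else jobs[caller_job]
    if granted is None:
        raise ValueError("caller declares no permissions; repository default applies")
    called_top, called_jobs = parse_permissions(called_yaml)
    errors, needed = [], {}
    for job_id, own in called_jobs.items():
        requested = called_top if own is None else own
        if requested is None:
            needed = None                                     # inherits all
            continue
        for scope, lvl in requested.items():
            # Once any permission is declared, unlisted scopes fall to `none`.
            have = granted.get(scope, granted.get("*", "none"))
            if LEVELS[lvl] > LEVELS[have]:
                errors.append((job_id, scope, lvl, have))
            if needed is not None:
                needed[scope] = max(needed.get(scope, 0), LEVELS[lvl])
    excess = [] if needed is None else sorted(
        s for s, l in granted.items()
        if s != "*" and LEVELS[l] > needed.get(s, needed.get("*", 0)))
    return errors, excess


# Caller: the `jobs:` section of the file on this page (triggers omitted).
CALLER = """\
name: CodeQL Scan
jobs:
  code-scan:
    uses: entur/gha-security/.github/workflows/code-scan.yml@v2
    permissions:
      contents: read
      security-events: write
      actions: read
      pull-requests: read
"""

# Callee: a constructed sketch, not entur/gha-security's real code-scan.yml. Only
# the two job ids and their `contents: write` come from the error message on this
# page; the extra scope is made up and the jobs' steps are left out.
CALLED = """\
on: [workflow_call]
jobs:
  semgrep-analysis:
    permissions:
      contents: write
      security-events: write
  upload-cached-results:
    permissions:
      contents: write
"""

# Caller-side fix: grant what the nested jobs ask for.  The caller cannot trim a
# callee's own requests; that is up to the reusable workflow's maintainers.
FIXED_CALLER = CALLER.replace("contents: read", "contents: write")

if __name__ == "__main__":
    for job_id, scope, asked, have in check_reusable_call(CALLER, "code-scan", CALLED)[0]:
        print(f"nested job {job_id!r} requests {scope}: {asked}, caller allows {have}")
    print(check_reusable_call(FIXED_CALLER, "code-scan", CALLED))
```

Run against the page's caller, the check reproduces both rejections (`contents: write` requested, `read` granted) for `semgrep-analysis` and `upload-cached-results`; against `FIXED_CALLER` it reports none. Treat `excess` as a prompt to read the callee, not as proof: it is only as complete as the `permissions:` blocks the reusable workflow actually declares, and a nested job with no block inherits everything the caller grants.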