Merge branch 'main' of https://github.com/microsoft/security-devops-action into release/vNext

davidknise · davidknise · commit 0af17f1a739a · 2023-06-22T14:35:05.000-07:00
diff --git a/.github/workflows/on-push-verification.yml b/.github/workflows/on-push-verification.yml
@@ -6,6 +6,9 @@ on:
     branches:
       - '*'
 
+permissions:
+  security-events: write
+
 jobs:
   sample:
     name: MSDO on ${{ matrix.os }}
diff --git a/.github/workflows/sample-workflow.yml b/.github/workflows/sample-workflow.yml
@@ -4,6 +4,9 @@ on:
     branches:
       - main
 
+permissions:
+  security-events: write
+
 jobs:
   sample:
     name: MSDO on ${{ matrix.os }}
diff --git a/README.md b/README.md
@@ -25,6 +25,9 @@ See [action.yml](action.yml)
 Run **Microsoft Security DevOps (MSDO)** with the default policy and recommended tools.
 
 ```yaml
+permissions:
+  security-events: write
+
 steps:
 
 - uses: actions/checkout@v3
diff --git a/action.yml b/action.yml
@@ -15,10 +15,10 @@ inputs:
   languages:
     description: A comma separated list of languages to analyze. Example javascript, typescript. Defaults to all.
   tools:
-    description: A comma separated list of analyzer tools to run. Example bandit, binskim, eslint, template-analyzer, terrascan, trivy.
+    description: A comma separated list of analyzer tools to run. Example bandit, binskim, eslint, templateanalyzer, terrascan, trivy.
 outputs:
   sarifFile:
     description: A file path to a SARIF results file.
 runs:
   using: 'node16'
-  main: 'lib/action.js'
+  main: 'lib/action.js'
