From 288a37f23a9c75363fe61ac30143b8a9a3908112 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89ric=20Falconnier?= <eric@zentral.com>
Date: Wed, 28 Aug 2024 16:46:08 +0200
Subject: [PATCH] Fix osv-scanner workflow

---
 .github/workflows/osv-scanner.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
index 7543513411..bb78d7da5f 100644
--- a/.github/workflows/osv-scanner.yml
+++ b/.github/workflows/osv-scanner.yml
@@ -17,10 +17,9 @@ on:
     branches: [ "main" ]
 
 permissions:
-  # Require writing security events to upload SARIF file to security tab
-  security-events: write
-  # Read commit contents
-  contents: read
+  actions: read
+  contents: read # to fetch code (actions/checkout)
+  security-events: write # for uploading SARIF files
 
 jobs:
   scan-scheduled: