Skip to content

Potential fix for code scanning alert no. 2: Workflow does not contain permissions#86

Merged
yeison-liscano merged 1 commit intomainfrom
alert-autofix-2
Apr 23, 2026
Merged

Potential fix for code scanning alert no. 2: Workflow does not contain permissions#86
yeison-liscano merged 1 commit intomainfrom
alert-autofix-2

Conversation

@yeison-liscano
Copy link
Copy Markdown
Owner

@yeison-liscano yeison-liscano commented Apr 23, 2026

Potential fix for https://github.com/yeison-liscano/http_mcp/security/code-scanning/2

Add an explicit permissions block at the workflow root so all jobs inherit minimal required access unless overridden.
For this workflow, the best non-breaking default is:

  • contents: read

This supports actions/checkout and keeps token privileges constrained.
Change .github/workflows/sca-scan.yml right after the on section and before jobs.

No imports, methods, or dependencies are needed—just YAML configuration.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

@yeison-liscano @github-advanced-security
Potential fix for code scanning alert no. 2: Workflow does not contai…
807cdcf 
…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@yeison-liscano yeison-liscano marked this pull request as ready for review April 23, 2026 02:45
@yeison-liscano yeison-liscano merged commit 2ae5477 into main Apr 23, 2026
6 of 7 checks passed
@yeison-liscano yeison-liscano deleted the alert-autofix-2 branch April 23, 2026 02:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@yeison-liscano