From b5cc31fae23e165d815799a0a92a0a0b62510e38 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Mon, 20 Oct 2025 18:04:43 -0400
Subject: [PATCH 1/2] Scope down GitHub token permissions for trufflehog.yml

---
 .github/workflows/trufflehog.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/trufflehog.yml b/.github/workflows/trufflehog.yml
index 662a317..590d976 100644
--- a/.github/workflows/trufflehog.yml
+++ b/.github/workflows/trufflehog.yml
@@ -1,5 +1,9 @@
 name: TruffleHog
 on: [pull_request]
+
+permissions:
+ contents: read
+
 jobs:
 TruffleHog:
 name: TruffleHog
From 82a7a60713550fe2d520ac048423bb9eb3312bd3 Mon Sep 17 00:00:00 2001
From: Adnan Khan
Date: Mon, 20 Oct 2025 18:04:46 -0400
Subject: [PATCH 2/2] Scope down GitHub token permissions for run-tests.yml

---
 .github/workflows/run-tests.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/run-tests.yml b/.github/workflows/run-tests.yml
index 83c4207..44b9f60 100644
--- a/.github/workflows/run-tests.yml
+++ b/.github/workflows/run-tests.yml
@@ -6,6 +6,10 @@ on:
 pull_request:
 branches: [ "main" ]
+
+permissions:
+ contents: read
+
 jobs:
 build:
 name: Run tests
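Review bot: The new top-level `permissions:` block in trufflehog.yml has no comment explaining that every GITHUB_TOKEN scope it does not list drops to `none` for all jobs in the file. The identical block added to run-tests.yml has the same gap. I would put `# Least-privilege GITHUB_TOKEN: unlisted scopes are none; grant extras per job` directly above `permissions:` in both workflows, so a later contributor adds a job-level grant rather than widening the workflow default. The `jobs:` bodies continue outside both hunks, so it is worth confirming that no existing step relies on a write scope such as `pull-requests: write` or `checks: write`, since that step would now fail.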