| name: CI | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - uses: actions/checkout@v4 | ||
|
|
||
| - name: Set up .NET Core | ||
| uses: actions/setup-dotnet@v4 | ||
| with: | ||
| dotnet-version: 8.0 | ||
|
|
||
| - name: Build with dotnet | ||
| run: dotnet build --configuration Release | ||
|
|
||
| - name: dotnet publish | ||
| run: dotnet publish src/GitHubActionsDotNet.Api/GitHubActionsDotNet.Api.csproj --configuration Release -o artifacts |
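Review bot: The `uses:` lines reference `actions/checkout@v4` and `actions/setup-dotnet@v4` by movable tag; pin each to a full commit SHA, keeping the tag in a trailing comment, so the build cannot silently pick up retagged action code. Separately, `dotnet-version: 8.0` is an unquoted YAML number; quote it (for example '8.0.x') so setup-dotnet receives the string as written.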
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 5 months ago
The best way to fix this issue is to add a permissions: block at the appropriate level to limit the default permissions of the workflow. In this case, since the workflow is a typical CI job that checks out code and builds it—without performing writing operations to the repository or interacting with pull requests—the minimal necessary permission is contents: read. This can be set at the root of the workflow file (immediately after the name: and before on:) to apply to all jobs unless any require a different set. No other modifications, imports, or additional definitions are needed.
Specifically, insert the following at line 2:
permissions:
  contents: read
| @@ -1,4 +1,6 @@ | ||
| name: CI | ||
| permissions: | ||
| contents: read | ||
|
|
||
| on: | ||
| push: |
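Review bot: The root-level `permissions:` block added directly under `name: CI` has no comment saying why `contents: read` is sufficient; add one line noting that the job only checks out and builds. Because setting this block drops every unlisted scope to none, a later job that needs write access should declare its own job-level `permissions:` rather than widening the root block.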
No description provided.
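A local approximation of the condition this alert reports, as an added example (not CodeQL's query and not code from this repository): it lists the jobs that have neither a root-level nor a job-level `permissions:` key. The function name, the job name `build` and the sample text are assumptions, and the check is a line-based heuristic for block-style YAML indented with spaces.

```python
import re

# Constructed sample modelled on the CI workflow above; the job name "build"
# is an assumption, the page does not show it.
UNFIXED = """\
name: CI
on:
  push:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
"""
# The same file with the root-level block from the autofix suggestion.
FIXED = UNFIXED.replace("name: CI\n", "name: CI\npermissions:\n  contents: read\n", 1)

KEY = re.compile(r"^( *)([\w-]+):(?:\s|$)")  # a plain "key:" mapping entry


def jobs_without_permissions(workflow_text):
    """Return jobs that would run with the default GITHUB_TOKEN permissions."""
    root_has_perms = in_jobs = False
    job_indent = body_indent = current = None
    covered = {}  # job name -> True once a job-level permissions key is seen
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if not m:
            continue  # list items, comments, blank lines, scalar continuations
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            in_jobs = key == "jobs"
            root_has_perms = root_has_perms or key == "permissions"
            current = None
        elif in_jobs:
            if job_indent is None:
                job_indent = indent  # indentation of job names under jobs:
            if indent == job_indent:
                current, body_indent = key, None
                covered[key] = False
            elif current is not None:
                if body_indent is None:
                    body_indent = indent  # indentation of the job's own keys
                if indent == body_indent and key == "permissions":
                    covered[current] = True
    if root_has_perms:
        return []  # a root-level block applies to every job
    return [name for name, ok in covered.items() if not ok]
```

Only keys at the job's own indentation count, so a `permissions` input nested under a step's `with:` is not mistaken for a job-level block.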