
Potential fix for code scanning alert no. 1: Workflow does not contain permissions #280

Merged: kisielk merged 1 commit into master from alert-autofix-1 on May 12, 2026
@kisielk kisielk commented May 12, 2026

Potential fix for https://github.com/kisielk/errcheck/security/code-scanning/1

Add an explicit permissions block to the workflow so the token is least-privileged regardless of repo/org defaults.

Best fix here: add permissions: contents: read at the workflow root (near on:), which applies to all jobs unless overridden. This preserves existing functionality (actions/checkout and Go build/test only need read access) and documents intent.

File to edit:

  • .github/workflows/errcheck.yml

Change region:

  • Insert permissions: block between trigger section and jobs:.

No imports, methods, or dependencies are needed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@kisielk kisielk marked this pull request as ready for review May 12, 2026 20:19
@kisielk kisielk merged commit 6e4cd89 into master May 12, 2026
5 checks passed
@kisielk kisielk deleted the alert-autofix-1 branch May 12, 2026 20:50
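
A check for the condition this alert flags, as an added example that is not part of the pull request or the errcheck repository: it lists jobs that have no `permissions:` key at either the workflow root or the job level, so they inherit the repo/org default token scope. The sample workflow text and the function name `jobs_without_permissions` are constructed for illustration, and the scan assumes block-style YAML with unquoted keys.

```python
import re

# Constructed sample workflow (not the repository's actual errcheck.yml).
BEFORE = """\
name: example
on:
  push:
  pull_request:
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: go test ./...
"""
# Same workflow with the root-level block described in the PR inserted before jobs:.
AFTER = BEFORE.replace("jobs:\n", "permissions:\n  contents: read\njobs:\n", 1)

KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):")  # "key:" lines; list items do not match

def jobs_without_permissions(text):
    """Return job ids covered by neither a root nor a job-level permissions key."""
    root_has, in_jobs, job_indent, key_indent = False, False, None, None
    jobs, current = {}, None
    for line in text.splitlines():
        m = KEY.match(line)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            # Top-level key: track whether we are inside jobs: and whether
            # a workflow-wide permissions block exists.
            in_jobs = key == "jobs"
            root_has = root_has or key == "permissions"
            current = None
        elif in_jobs:
            job_indent = indent if job_indent is None else job_indent
            if indent == job_indent:
                # A new job id directly under jobs:.
                current, key_indent = key, None
                jobs[current] = False
            elif current is not None:
                # Only keys directly under the job count, not keys nested in steps.
                key_indent = indent if key_indent is None else key_indent
                if indent == key_indent and key == "permissions":
                    jobs[current] = True
    return [] if root_has else [j for j, ok in jobs.items() if not ok]
```
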