Skip to content

Potential fix for code scanning alert no. 6: Workflow does not contain permissions #875

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
lenucksi wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Potential fix for code scanning alert no. 6: Workflow does not contain permissions #875

lenucksi wants to merge 1 commit into from

Conversation

@lenucksi
Copy link
Member

@lenucksi lenucksi commented Nov 25, 2025

Potential fix for https://github.com/InnerSourceCommons/InnerSourcePatterns/security/code-scanning/6

To fix the problem, add a permissions block to the workflow file at the job or root level, specifying the least privileges required for the workflow to operate. In this case, the workflow reads repository contents and uses gh to create and comment on issues. Therefore, you should set contents: read and issues: write. Place the permissions block at the root level so it applies to all jobs, typically immediately under the name field, before the on: field.

Specific steps:

  • In the file .github/workflows/i18n-consistency-checker.yaml

  • Insert the following block after name: i18n Consistency Check (line 6):

    permissions:
  contents: read
  issues: write

No other code, imports, or settings need to be changed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

@lenucksi @github-advanced-security
Potential fix for code scanning alert no. 6: Workflow does not contai…
443f455 
…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@github-actions github-actions bot mentioned this pull request Dec 1, 2025
Open
@spier spier added the Type - Maintenance / Cleanup Maintaining / cleaning the repo is the main focus of this issue / PR label Dec 16, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@NewMexicoKid NewMexicoKid Awaiting requested review from NewMexicoKid NewMexicoKid will be requested when the pull request is marked ready for review NewMexicoKid is a code owner

@cewilliams cewilliams Awaiting requested review from cewilliams cewilliams will be requested when the pull request is marked ready for review cewilliams is a code owner

@spier spier Awaiting requested review from spier spier will be requested when the pull request is marked ready for review spier is a code owner

@robtuley robtuley Awaiting requested review from robtuley robtuley will be requested when the pull request is marked ready for review robtuley is a code owner

@yuhattor yuhattor Awaiting requested review from yuhattor yuhattor will be requested when the pull request is marked ready for review yuhattor is a code owner

Assignees

No one assigned

Labels

Type - Maintenance / Cleanup Maintaining / cleaning the repo is the main focus of this issue / PR

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@lenucksi @spier