From 9d9e9e5c53e2fcf340cc5f1d1889e9561c30daa7 Mon Sep 17 00:00:00 2001 From: Alex Date: Sun, 25 Sep 2022 19:13:42 +0200 Subject: [PATCH] build: harden dependency-graph.yml permissions Signed-off-by: Alex --- .github/workflows/dependency-graph.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/dependency-graph.yml b/.github/workflows/dependency-graph.yml index 7caea8278..0ab49c9b3 100644 --- a/.github/workflows/dependency-graph.yml +++ b/.github/workflows/dependency-graph.yml @@ -3,8 +3,12 @@ name: Submit Dependency Graph on: push: branches: [1.7.x] # default branch of the project +permissions: {} jobs: submit-graph: + permissions: + contents: write # to submit the dependency graph + name: Submit Dependency Graph runs-on: ubuntu-latest # or windows-latest, or macOS-latest steps: