Potential fix for code scanning alert no. 4: Workflow does not contain permissions#69

Merged: Teester merged 1 commit into master from alert-autofix-4 on Oct 17, 2025

Teester (Owner) commented Oct 17, 2025

Potential fix for https://github.com/Teester/entityshape/security/code-scanning/4

To fix the problem, add a permissions block with the minimum required privileges for this workflow, either at the workflow root (top level, after name: but before jobs:) to cover all jobs, or at the jobs.build section for just that job. Since there's only one job, it's simplest and most robust to add a root-level permissions: block, immediately after the name: entry (line 4). The minimal starting point CodeQL recommends is contents: read. However, if any of the steps (e.g., SonarCloud, Codecov) require more than read access, you may need to later expand permissions to include e.g. pull-requests: write or issues: write, but for the detected problem a starting point of contents: read suffices. No imports, methods, or definitions are required.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
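
A local check for the condition the alert describes, as an added example that is not part of this pull request and is not CodeQL's implementation. It is a line-based approximation that handles only plain block-style keys; the function name `jobs_missing_permissions` and the sample workflows are constructed for illustration and are not the repository's actual workflow file.

```python
import re

KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):")  # a plain "key:" line and its indent

def jobs_missing_permissions(workflow_text):
    """Names of jobs covered by neither a root-level nor a job-level permissions key."""
    root_perms = in_jobs = False
    job_indent = child_indent = job = None
    covered = {}  # job name -> job declares its own permissions
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if not m:
            continue  # blank lines, comments, list items, continuation text
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:  # top-level key
            in_jobs = key == "jobs"
            root_perms = root_perms or key == "permissions"
        elif in_jobs:
            if job_indent is None:
                job_indent = indent  # first key under jobs: sets job depth
            if indent == job_indent:
                job, child_indent = key, None
                covered[job] = False
            elif job is not None:
                if child_indent is None:
                    child_indent = indent  # depth of the job's direct children
                if indent == child_indent and key == "permissions":
                    covered[job] = True
    return [] if root_perms else [j for j, ok in covered.items() if not ok]

# Constructed sample workflows; not the repository's actual file.
NO_PERMS = """\
name: Build
on: [push, pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
"""
# Root-level block immediately after name:, as the PR description suggests.
ROOT_PERMS = NO_PERMS.replace("name: Build\n", "name: Build\npermissions:\n  contents: read\n")
# Alternative placement: scoped to the single job.
JOB_PERMS = NO_PERMS.replace("  build:\n", "  build:\n    permissions:\n      contents: read\n")
# A second job without its own block is still uncovered.
MIXED = JOB_PERMS + "  lint:\n    runs-on: ubuntu-latest\n"

if __name__ == "__main__":
    for name, text in [("none", NO_PERMS), ("root", ROOT_PERMS), ("job", JOB_PERMS), ("mixed", MIXED)]:
        print(name, jobs_missing_permissions(text))
```

The `MIXED` case shows why the root-level placement is the more robust choice: a job-level block protects only the job that declares it, so a job added later is uncovered again.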

@Teester Teester marked this pull request as ready for review October 17, 2025 22:15
@Teester Teester merged commit a1c50ab into master Oct 17, 2025
6 checks passed
codecov Bot commented Oct 17, 2025

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92.17%. Comparing base (3b3420a) to head (06f01a2).
⚠️ Report is 2 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master      #69   +/-   ##
=======================================
  Coverage   92.17%   92.17%           
=======================================
  Files          11       11           
  Lines        1418     1418           
=======================================
  Hits         1307     1307           
  Misses        111      111           

@Teester Teester deleted the alert-autofix-4 branch October 17, 2025 22:15