diff --git a/.github/workflows/charts.yml b/.github/workflows/charts.yml
index ec7c1ac..099b2b9 100644
--- a/.github/workflows/charts.yml
+++ b/.github/workflows/charts.yml
@@ -23,7 +23,6 @@ jobs:
 chart:
 runs-on: ubuntu-latest
 permissions:
- id-token: write
 pages: write
 security-events: write
 contents: write
@@ -97,6 +96,11 @@ jobs:
 with:
 sarif_file: 'trivy-results.sarif'
+ dependency-review:
+ uses: saidsef/saidsef/.github/workflows/dependency-review.yaml@main
+ if: ${{ github.event_name == 'pull_request' }}
+ needs: [chart]
+
 k8s-test:
 runs-on: ubuntu-latest
 needs: [chart]
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index ee9e04a..b59a7f7 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -14,7 +14,6 @@ jobs:
 runs-on: ubuntu-latest
 permissions:
 security-events: write
- id-token: write
 steps:
 - name: "Checkout code"
 uses: actions/checkout@v4
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index f6832df..9f7734a 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -3,9 +3,13 @@ on:
 schedule:
 - cron: '30 3 * * *'
+permissions: read-all
+
 jobs:
 stale:
 runs-on: ubuntu-latest
+ permissions:
+ issues: write
 steps:
 - uses: actions/stale@v9
 with:
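Review bot: The new `dependency-review` job in charts.yml calls the reusable workflow at the mutable ref `@main`, so whatever lands on that branch runs in this repository's pull-request context without being reviewed here. Pin it to a full commit SHA, e.g. `uses: saidsef/saidsef/.github/workflows/dependency-review.yaml@<full-commit-sha>  # main`. The job also declares no `permissions:`, so it gets the workflow-level default, which is not visible in this hunk; a job-level `permissions:` with `contents: read` would cap what the called workflow can receive. Because of `needs: [chart]`, the review only starts after the `chart` job has finished, so it cannot gate anything that job does; drop the dependency if the review is meant as a pre-check.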
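Review bot: The job-level `permissions:` block added to `stale` grants only `issues: write`, and a job-level block sets every unlisted scope to none, so `actions/stale` will presumably be unable to label, comment on or close pull requests unless PR handling is disabled in the `with:` inputs, which continue outside this hunk. If pull requests are meant to be processed, add `pull-requests: write` next to `issues: write`. The workflow-level `permissions: read-all` is wider than needed, since the only job visible here overrides it. `permissions: {}` would give this job the same result and leave a deny-by-default baseline for any job added later.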