workflow: declare trivy's permissions within the job

Signed-off-by: Tuomas Katila <[email protected]>
tkatila · Dec 17, 2024 · 7ab4dfc · 7ab4dfc
1 parent 33e83cf
commit 7ab4dfc
Showing 1 changed file with 2 additions and 5 deletions.
diff --git a/.github/workflows/trivy-periodic.yaml b/.github/workflows/trivy-periodic.yaml
@@ -6,15 +6,12 @@ on:
     branches:
       - main
 
-permissions:
-  contents: read
-  security-events: write
-  actions: read
-
 jobs:
   trivy-scan-vulns:
     permissions:
+      contents: read
       security-events: write
+      actions: read
     runs-on: ubuntu-24.04
     name: Scan vulnerabilities
     steps: