From 7e24d428d92b44614d4b4dccd8d1118e8d30ca55 Mon Sep 17 00:00:00 2001
From: Tuomas Katila <tuomas.katila@intel.com>
Date: Tue, 17 Dec 2024 10:23:54 +0200
Subject: [PATCH] workflow: declare trivy's permissions within the job

Signed-off-by: Tuomas Katila <tuomas.katila@intel.com>
---
 .github/workflows/trivy-periodic.yaml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/trivy-periodic.yaml b/.github/workflows/trivy-periodic.yaml
index 631e51e01..e5eec8b00 100644
--- a/.github/workflows/trivy-periodic.yaml
+++ b/.github/workflows/trivy-periodic.yaml
@@ -6,15 +6,12 @@ on:
     branches:
       - main
 
-permissions:
-  contents: read
-  security-events: write
-  actions: read
-
 jobs:
   trivy-scan-vulns:
     permissions:
+      contents: read
       security-events: write
+      actions: read
     runs-on: ubuntu-24.04
     name: Scan vulnerabilities
     steps: