Potential fix for code scanning alert no. 1: Workflow does not contain permissions #5

Merged

twodarek merged 2 commits from alert-autofix-1 into main

2025-10-12 06:23:43 +00:00

twodarek commented

2025-10-12 06:17:57 +00:00

(Migrated from github.com)

Potential fix for https://github.com/twodarek/arin-waitlist-prom/security/code-scanning/1

To fix this problem, we should add an explicit permissions block specifying minimal required privileges for the workflow. Since the steps only involve checking out code, setting up Go, building, and testing (none of which require write access to the repository content or administrative permissions), the least privileged permission is contents: read. The fix is to add a permissions section either at the workflow root (so it applies globally to all jobs unless overridden), or directly inside the build job. The best practice is to add it at the workflow root, immediately after the workflow name: declaration and before the triggers (on:), e.g., after line 4.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

Potential fix for [https://github.com/twodarek/arin-waitlist-prom/security/code-scanning/1](https://github.com/twodarek/arin-waitlist-prom/security/code-scanning/1) To fix this problem, we should add an explicit `permissions` block specifying minimal required privileges for the workflow. Since the steps only involve checking out code, setting up Go, building, and testing (none of which require write access to the repository content or administrative permissions), the least privileged permission is `contents: read`. The fix is to add a `permissions` section either at the workflow root (so it applies globally to all jobs unless overridden), or directly inside the `build` job. The best practice is to add it at the workflow root, immediately after the workflow `name:` declaration and before the triggers (`on:`), e.g., after line 4. _Suggested fixes powered by Copilot Autofix. Review carefully before merging._