Merge pull request #5954 from ministryofjustice/fix/token-permissions…

…-vuln added top-level permissions to fix code scanning vuln
ministryofjustice · Jan 11, 2024 · 698ffd9 · 698ffd9
2 parents 8acca16 + cc3433f
commit 698ffd9
Showing 1 changed file with 6 additions and 1 deletion.
diff --git a/.github/workflows/notify-user-new-environment-created.yml b/.github/workflows/notify-user-new-environment-created.yml
@@ -5,10 +5,15 @@ on:
   issues:
     types:
       - closed
+
+permissions:
+  contents: read
+
 jobs:
   send-message:
     runs-on: ubuntu-latest
-
+    permissions:
+      contents: write
     steps:
       - name: Check out repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1