Merge pull request #2746 from step-security-bot/stepsecurity_remediation_1729119248

jandubois · web-flow · commit 536a9547cc9f · 2024-10-16T16:20:59.000-07:00
[StepSecurity] ci: Harden GitHub Actions
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
@@ -9,6 +9,9 @@ on:
   - cron: '33 19 * * 5'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze (${{ matrix.language }})
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -13,6 +13,9 @@ on:
     - 'master'
 env:
   GO111MODULE: on
+permissions:
+  contents: read
+
 jobs:
   artifacts-darwin:
     name: Artifacts Darwin
