Skip to content

Potential fix for code scanning alert no. 7: Workflow does not contain permissions#19

Merged
reach2sayan merged 3 commits into
mainfrom
alert-autofix-7
Jun 29, 2026
Merged

Potential fix for code scanning alert no. 7: Workflow does not contain permissions#19
reach2sayan merged 3 commits into
mainfrom
alert-autofix-7

Conversation

@reach2sayan

Copy link
Copy Markdown
Owner

Potential fix for https://github.com/reach2sayan/ExpressionDifferentiator/security/code-scanning/7

Add an explicit permissions block to the workflow so the GITHUB_TOKEN is least-privileged.
Best fix here: define workflow-level permissions right after the on block:

  • contents: read

This is sufficient for actions/checkout@v4 and does not change behavior of the benchmark steps. Since no job appears to need write scopes, avoid granting them.
File to edit: .github/workflows/benchmark-manual.yml near the top-level keys (name, on, jobs).

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@reach2sayan reach2sayan marked this pull request as ready for review June 29, 2026 10:40
@reach2sayan reach2sayan self-assigned this Jun 29, 2026
@reach2sayan reach2sayan merged commit 9e2b86c into main Jun 29, 2026
6 checks passed
@reach2sayan reach2sayan deleted the alert-autofix-7 branch June 29, 2026 14:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant