From c50c85242bafb018595da0de02ad1589749f48c9 Mon Sep 17 00:00:00 2001
From: Oliver Wolff <23139298+cuioss@users.noreply.github.com>
Date: Tue, 3 Feb 2026 10:12:31 +0100
Subject: [PATCH] fix: add top-level permissions to maven.yml

Add `permissions: contents: read` to resolve OpenSSF Scorecard
TokenPermissionsID alert requiring top-level permission definition.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .github/workflows/maven.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
index 722f44d..bd37d21 100644
--- a/.github/workflows/maven.yml
+++ b/.github/workflows/maven.yml
@@ -9,6 +9,9 @@ on:
     branches: [main]
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   build:
     # Run on push events, OR on pull_request only if from a fork