Skip to content

Potential fix for code scanning alert no. 2: Workflow does not contain permissions#711

Closed
softartdev wants to merge 1 commit into
masterfrom
alert-autofix-2
Closed

Potential fix for code scanning alert no. 2: Workflow does not contain permissions#711
softartdev wants to merge 1 commit into
masterfrom
alert-autofix-2

Conversation

@softartdev
Copy link
Copy Markdown
Owner

@softartdev softartdev commented Apr 18, 2026

Potential fix for https://github.com/softartdev/NoteDelight/security/code-scanning/2

Add an explicit permissions block in .github/workflows/android.yml to restrict GITHUB_TOKEN to the least privilege needed.
Best single fix here is to define permissions at the workflow root so it applies to all jobs consistently (current file has one job, but this is safer for future additions). Start with:

  • contents: read (minimal recommended baseline)

This does not change workflow functionality for the shown steps and satisfies CodeQL’s requirement for explicit token scoping.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

@softartdev @github-advanced-security
Potential fix for code scanning alert no. 2: Workflow does not contai…
436ebf8 
…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@softartdev softartdev marked this pull request as ready for review April 18, 2026 04:32
@softartdev softartdev closed this Apr 18, 2026
@softartdev softartdev deleted the alert-autofix-2 branch April 18, 2026 23:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@softartdev