Skip to content

Potential fix for code scanning alert no. 1: Workflow does not contain permissions#712

Closed
softartdev wants to merge 1 commit into
masterfrom
alert-autofix-1
Closed

Potential fix for code scanning alert no. 1: Workflow does not contain permissions#712
softartdev wants to merge 1 commit into
masterfrom
alert-autofix-1

Conversation

@softartdev
Copy link
Copy Markdown
Owner

@softartdev softartdev commented Apr 18, 2026

Potential fix for https://github.com/softartdev/NoteDelight/security/code-scanning/1

Add an explicit permissions block in .github/workflows/ios.yml at the workflow root (top-level, alongside name and on) so it applies to all jobs unless overridden. The minimal safe setting from CodeQL guidance is:

  • contents: read

This preserves current behavior for checkout and typical read operations while ensuring the token is not implicitly granted broader rights. No imports, methods, or dependencies are needed since this is YAML configuration only.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

@softartdev @github-advanced-security
Potential fix for code scanning alert no. 1: Workflow does not contai…
a4b43f6 
…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@softartdev softartdev marked this pull request as ready for review April 18, 2026 04:34
@softartdev softartdev closed this Apr 18, 2026
@softartdev softartdev deleted the alert-autofix-1 branch April 18, 2026 23:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@softartdev