ci(github): Fix permissions to upload SARIF results

See [1]. [1]: https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#example-workflow-for-sarif-files-generated-outside-of-a-repository Signed-off-by: Sebastian Schuberth <[email protected]>
oss-review-toolkit · May 10, 2024 · 6298797 · 6298797
1 parent a1ac10a
commit 6298797
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
@@ -35,6 +35,8 @@ jobs:
       run: ./gradlew checkCopyrightsInNoticeFile checkLicenseHeaders checkGitAttributes
   detekt-issues:
     runs-on: ubuntu-22.04
+    permissions:
+      security-events: write
     steps:
     - name: Checkout Repository
       uses: actions/checkout@v4
@@ -79,6 +81,8 @@ jobs:
   qodana-scan:
     if: ${{ github.event_name == 'pull_request' }}
     runs-on: ubuntu-22.04
+    permissions:
+      security-events: write
     steps:
     - name: Checkout Repository
       uses: actions/checkout@v4