From fc894556bbee2cb95d6a59f1f428e81fdcaa49ac Mon Sep 17 00:00:00 2001
From: Tommy
Date: Wed, 12 Jun 2024 01:07:46 -0700
Subject: [PATCH] More granular permission control
Signed-off-by: Tommy
---
 .github/workflows/build.yml | 2 ++
 .github/workflows/scan.yml | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index fb2a0cb..0c5a4a0 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -70,6 +70,8 @@ jobs:
 scan:
 name: Scan current image & report results
 needs: build
+ permissions:
+ security-events: write
 runs-on: "ubuntu-latest"
 steps:
 - name: Run Trivy vulnerability scanner
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index 8e83ad1..44235fa 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -9,6 +9,8 @@ on:
 jobs:
 scan:
 name: Scan current image & report results
+ permissions:
+ security-events: write
 runs-on: "ubuntu-latest"
 steps:
 - name: Run Trivy vulnerability scanner
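Review bot: The job-level `permissions:` block added to the `scan` job sets every scope it does not list to `none`, so the job's token is left with only `security-events: write`; the identical addition in `.github/workflows/scan.yml` behaves the same way. The job's steps continue outside both hunks, so this needs checking against them: a step that checks out the repository or pulls the image from a private registry with `GITHUB_TOKEN` would also need `contents: read` or `packages: read`, and a SARIF upload in a private repository additionally needs `actions: read`. I would add a comment above the new key stating why the write scope is granted, e.g. `# security-events: write is required to upload scan results to code scanning` (assuming a later step does that). The `build` job is not touched by this change; if the aim is least privilege for the whole workflow, a top-level `permissions:` with a read-only default would also cover jobs that declare nothing of their own.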