From effa1c919216e39ce5bb186d1ca2cdf8f4f99c77 Mon Sep 17 00:00:00 2001
From: StepSecurity Bot <bot@stepsecurity.io>
Date: Tue, 4 Feb 2025 01:30:36 -0800
Subject: [PATCH] [StepSecurity] ci: Harden GitHub Actions (#178)

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
---
 .github/workflows/codeql-analysis.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 91d0184..381de43 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -19,6 +19,9 @@ on:
   schedule:
     - cron: '0 15 * * 5'
 
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze