From b2c89aa572badc7a3073a47554f392b0b1c99e2c Mon Sep 17 00:00:00 2001
From: Cindy Hill <110551331+cinderellasecure@users.noreply.github.com>
Date: Mon, 3 Nov 2025 13:28:31 -0700
Subject: [PATCH 1/4] Potential fix for code scanning alert no. 8: Workflow does not contain permissions
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/sample-workflow-ubuntu-latest.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/sample-workflow-ubuntu-latest.yml b/.github/workflows/sample-workflow-ubuntu-latest.yml
index ded2258..c9aa799 100644
--- a/.github/workflows/sample-workflow-ubuntu-latest.yml
+++ b/.github/workflows/sample-workflow-ubuntu-latest.yml
@@ -11,6 +11,9 @@ on:
 jobs:
   sample:
     name: Open Source Static Analysis Runner
+    permissions:
+      contents: read
+      security-events: write
     # OSSAR runs on windows-latest.
     # ubuntu-latest and macos-latest supporting coming soon

From e276eaf950ef76587447eea4633f041202922f6a Mon Sep 17 00:00:00 2001
From: Cindy Hill <110551331+cinderellasecure@users.noreply.github.com>
Date: Mon, 3 Nov 2025 13:28:32 -0700
Subject: [PATCH 2/4] Potential fix for code scanning alert no. 6: Workflow does not contain permissions
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/sample-workflow-windows-latest.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/sample-workflow-windows-latest.yml b/.github/workflows/sample-workflow-windows-latest.yml
index 2533dc7..6a04b5b 100644
--- a/.github/workflows/sample-workflow-windows-latest.yml
+++ b/.github/workflows/sample-workflow-windows-latest.yml
@@ -11,6 +11,8 @@ on:
 jobs:
   sample:
     name: Open Source Static Analysis Runner
+    permissions:
+      contents: read
     # OSSAR runs on windows-latest.
     # ubuntu-latest and macos-latest supporting coming soon
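Review bot: The `permissions:` block added under the `sample` job scopes the GITHUB_TOKEN for that job only; the top level of sample-workflow-ubuntu-latest.yml still declares no `permissions:`, so any job added to this file later inherits the repository's default token permissions, which depending on repository settings can be read/write. Adding `permissions:` / `  contents: read` at the top of the workflow (as patch 3/4 does for on-push-verification.yml) and keeping the job-level block as the override would make the least-privilege default apply file-wide; the same applies to the `sample` job hunks in patches 2/4 and 4/4 for sample-workflow-windows-latest.yml. A short comment on the `security-events: write` line stating why it is needed — presumably the SARIF upload step later in the job, which is outside this hunk — would keep a future cleanup from dropping it: `# write access to code scanning is needed to upload SARIF results`. The `sample` job body continues outside the hunk.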
From efad30daaf8f175a795638b62c55293c52c627da Mon Sep 17 00:00:00 2001
From: Cindy Hill <110551331+cinderellasecure@users.noreply.github.com>
Date: Mon, 3 Nov 2025 13:28:32 -0700
Subject: [PATCH 3/4] Potential fix for code scanning alert no. 7: Workflow does not contain permissions
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/on-push-verification.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/on-push-verification.yml b/.github/workflows/on-push-verification.yml
index 26957cd..112f402 100644
--- a/.github/workflows/on-push-verification.yml
+++ b/.github/workflows/on-push-verification.yml
@@ -1,6 +1,8 @@
 # pull request action verification
 name: OSSAR on-push-verification windows-latest
+permissions:
+  contents: read
 on: push
 jobs:

From 7370828ecc89c8f3ae42a2273bbdee8b354a9f95 Mon Sep 17 00:00:00 2001
From: Jason White
Date: Thu, 6 Nov 2025 13:17:58 -0700
Subject: [PATCH 4/4] Update .github/workflows/sample-workflow-windows-latest.yml
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 .github/workflows/sample-workflow-windows-latest.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/sample-workflow-windows-latest.yml b/.github/workflows/sample-workflow-windows-latest.yml
index 6a04b5b..899459f 100644
--- a/.github/workflows/sample-workflow-windows-latest.yml
+++ b/.github/workflows/sample-workflow-windows-latest.yml
@@ -13,6 +13,7 @@ jobs:
     name: Open Source Static Analysis Runner
     permissions:
       contents: read
+      security-events: write
     # OSSAR runs on windows-latest.
     # ubuntu-latest and macos-latest supporting coming soon
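Review bot: The top-level `permissions:` / `  contents: read` added after the `name:` line of on-push-verification.yml now restricts the token for every job in the file, and nothing in this hunk grants `security-events: write` to any of them; if a job in this workflow uploads SARIF to code scanning (the workflow name references OSSAR, which suggests it does), that upload will be refused under the restricted token unless the job itself declares `permissions:` with `contents: read` and `security-events: write`, as patches 1/4 and 4/4 do for the two sample workflows. The job definitions are outside this hunk, so this needs confirming against the rest of the file before merge. Keeping `contents: read` at the top level and adding the broader grant only on the uploading job is the right shape once that is confirmed.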