Skip to content

Potential fix for code scanning alert no. 8: Workflow does not contain permissions#11

Merged
Gabrielx47 merged 1 commit into
mainfrom
alert-autofix-8
Jul 14, 2026
Merged

Potential fix for code scanning alert no. 8: Workflow does not contain permissions#11
Gabrielx47 merged 1 commit into
mainfrom
alert-autofix-8

Conversation

@Gabrielx47

Copy link
Copy Markdown
Owner

Potential fix for https://github.com/Gabrielx47/request-manager/security/code-scanning/8

Add an explicit workflow-level permissions block with least privilege, so all jobs inherit restricted token access unless overridden.

Best fix for this file: in .github/workflows/sonarqube.yml, insert:

  • permissions:
  • contents: read

near the top level (after on: block and before jobs:).
This preserves existing behavior for checkout and scanning while ensuring the token is not implicitly over-privileged. No imports, methods, or dependencies are needed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
@Gabrielx47 Gabrielx47 self-assigned this Jul 10, 2026
@Gabrielx47 Gabrielx47 added the fix label Jul 10, 2026
@sonarqubecloud

Copy link
Copy Markdown

@sonarqubecloud

Copy link
Copy Markdown

@sonarqubecloud

Copy link
Copy Markdown

@Gabrielx47 Gabrielx47 left a comment

Copy link
Copy Markdown
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Alteração verificada.

@Gabrielx47 Gabrielx47 linked an issue Jul 14, 2026 that may be closed by this pull request
@Gabrielx47 Gabrielx47 marked this pull request as ready for review July 14, 2026 01:34
@Gabrielx47 Gabrielx47 merged commit c25275d into main Jul 14, 2026
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Configurar análise estática de código com SonarQube

1 participant