From aef938964d0fc421517547cd58482ca53f94b8b8 Mon Sep 17 00:00:00 2001
From: Chaminda Divitotawela <cdivitotawela@users.noreply.github.com>
Date: Tue, 18 Jun 2024 11:42:50 +1000
Subject: [PATCH] fix: workflow permission to upload trivy sarif report (#7234)

Trivy scan result upload to GitHub fails due to permission issue. Added permission security-events=write to the workflow file as a fix. Since workflow permission explicitly defined, it requires contents=read explicity set as well

Signed-off-by: Chaminda Divitotawela <cdivitotawela@gmail.com>
---
 .github/workflows/container-security-scan.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/container-security-scan.yml b/.github/workflows/container-security-scan.yml
index 85065c828cc..f945d13220d 100644
--- a/.github/workflows/container-security-scan.yml
+++ b/.github/workflows/container-security-scan.yml
@@ -14,6 +14,9 @@ on:
 jobs:
   scan-sarif:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
 
     steps:
       - name: Checkout