From eec0ec2c9ccf8070930a6627d7a15ebf0cc91867 Mon Sep 17 00:00:00 2001
From: Oksana Salyk <oksana.salyk@hpe.com>
Date: Thu, 30 Jan 2025 10:03:30 +0100
Subject: [PATCH] common: add some permissions

---
 .github/workflows/scan_coverage.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/scan_coverage.yml b/.github/workflows/scan_coverage.yml
index 6be2314d7e..c6cb1500c5 100644
--- a/.github/workflows/scan_coverage.yml
+++ b/.github/workflows/scan_coverage.yml
@@ -7,6 +7,11 @@ on:
       CODECOV_TOKEN:
         required: true
 
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
 env:
   # Note: All coverage scans, e.g. on pull requests, should be run in the same
   # environment.
@@ -24,8 +29,6 @@ env:
   TEST_BUILD:   debug
   FAULT_INJECTION: 1
 
-permissions: {}
-
 jobs:
   linux:
     name: Linux