Added required permissions in the action example

snyk · Aug 7, 2023 · b23652d · b23652d
1 parent d1ee3d7
commit b23652d
Show file tree

Hide file tree

Showing 19 changed files with 114 additions and 0 deletions.
diff --git a/_templates/README.md.erb b/_templates/README.md.erb
@@ -60,6 +60,12 @@ name: Example workflow for <%= @name %> using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

diff --git a/cocoapods/README.md b/cocoapods/README.md
@@ -60,6 +60,12 @@ name: Example workflow for CocoaPods using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

diff --git a/dotnet/README.md b/dotnet/README.md
@@ -60,6 +60,12 @@ name: Example workflow for dotNET using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

diff --git a/golang/README.md b/golang/README.md
@@ -60,6 +60,12 @@ name: Example workflow for Golang using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

diff --git a/gradle-jdk11/README.md b/gradle-jdk11/README.md
@@ -60,6 +60,12 @@ name: Example workflow for Gradle using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

diff --git a/gradle-jdk12/README.md b/gradle-jdk12/README.md
@@ -60,6 +60,12 @@ name: Example workflow for Gradle using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

diff --git a/gradle-jdk14/README.md b/gradle-jdk14/README.md
@@ -60,6 +60,12 @@ name: Example workflow for Gradle using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

diff --git a/gradle-jdk16/README.md b/gradle-jdk16/README.md
@@ -60,6 +60,12 @@ name: Example workflow for Gradle using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

diff --git a/gradle/README.md b/gradle/README.md
@@ -60,6 +60,12 @@ name: Example workflow for Gradle using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

diff --git a/maven-3-jdk-11/README.md b/maven-3-jdk-11/README.md
@@ -60,6 +60,12 @@ name: Example workflow for Maven using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

diff --git a/maven/README.md b/maven/README.md
@@ -60,6 +60,12 @@ name: Example workflow for Maven using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

diff --git a/node/README.md b/node/README.md
@@ -60,6 +60,12 @@ name: Example workflow for Node using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

diff --git a/php/README.md b/php/README.md
@@ -60,6 +60,12 @@ name: Example workflow for PHP using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

diff --git a/python-3.6/README.md b/python-3.6/README.md
@@ -60,6 +60,12 @@ name: Example workflow for Python using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

diff --git a/python-3.7/README.md b/python-3.7/README.md
@@ -60,6 +60,12 @@ name: Example workflow for Python using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

diff --git a/python-3.8/README.md b/python-3.8/README.md
@@ -60,6 +60,12 @@ name: Example workflow for Python using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

diff --git a/python/README.md b/python/README.md
@@ -60,6 +60,12 @@ name: Example workflow for Python using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

diff --git a/ruby/README.md b/ruby/README.md
@@ -60,6 +60,12 @@ name: Example workflow for Ruby using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master

diff --git a/scala/README.md b/scala/README.md
@@ -60,6 +60,12 @@ name: Example workflow for Scala using Snyk
 on: push
 jobs:
   security:
+    permissions:
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@master