Update Scan Workflow Permission #4

Closed
wants to merge 2 commits into from


@Eeebru Eeebru commented Mar 26, 2024

🎟️ Tracking

📔 Objective

  • Update Scan Workflow Permission

📸 Screenshots

⏰ Reminders before review

  • Contributor guidelines followed
  • All formatters and local linters executed and passed
  • Written new unit and / or integration tests where applicable
  • Protected functional changes with optionality (feature flags)
  • Used internationalization (i18n) for all UI strings
  • CI builds passed
  • Communicated to DevOps any deployment requirements
  • Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

  • 👍 (:+1:) or similar for great changes
  • 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
  • ❓ (:question:) for questions
  • 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
  • 🎨 (:art:) for suggestions / improvements
  • ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
  • 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
  • ⛏ (:pick:) for minor or nitpick changes

@Eeebru Eeebru requested a review from a team as a code owner March 26, 2024 20:23
@Eeebru Eeebru enabled auto-merge (squash) March 26, 2024 21:34
@Eeebru Eeebru self-assigned this Mar 26, 2024
@@ -10,7 +10,9 @@ on:
pull_request_target:
types: [opened, synchronize]

permissions: read-all
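Review bot: `permissions: read-all` at the workflow level, directly under the `pull_request_target` trigger, gives every job in this workflow a token with read access on every scope. Consider listing only the scopes the jobs actually need instead of the `read-all` shorthand, and add a short comment next to each scope saying why it is required, so later additions to the workflow do not silently inherit broad access.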

We should leave the permissions set to read-all here and update the permissions block on line 24 with:

permissions:
  contents: read
  security-events: write

Line 13 sets all scoped permissions to read, something like {actions: read, contents: read, issues: read, security-events: read, ...etc}. Line 24 then overrides all workflow level permissions to {security-events: write, actions: none, contents: none, ...etc}. Line 24 needs to be updated to explicitly include all other required scopes the job needs, since they will be set to none if not explicitly set, even though the workflow permissions are set to read-all.
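
The override behaviour described in the comment above, as an added example that is not part of the pull request or the project's code: a simplified Python model of how a job-level `permissions` block replaces the workflow-level one rather than merging with it. The scope list is a subset of the real one, and the function names and sample blocks are assumptions made for illustration.

```python
# Simplified model of GITHUB_TOKEN permission resolution (added example).
# SCOPES is a constructed subset of the real scope list, enough to show the rule.
SCOPES = ("actions", "contents", "issues", "pull-requests", "security-events")
LEVELS = {"none": 0, "read": 1, "write": 2}


def expand(block):
    """Expand one `permissions:` value into an explicit scope -> level map."""
    if block == "read-all":
        return {s: "read" for s in SCOPES}
    if block == "write-all":
        return {s: "write" for s in SCOPES}
    # Mapping form: every scope that is not listed becomes "none".
    unknown = set(block) - set(SCOPES)
    if unknown:
        raise ValueError(f"unknown scopes: {sorted(unknown)}")
    return {s: block.get(s, "none") for s in SCOPES}


def effective(workflow_block, job_block=None):
    """A job-level block replaces the workflow-level one; it is not merged."""
    return expand(workflow_block if job_block is None else job_block)


def missing(workflow_block, job_block, required):
    """Return the required scopes the job would not actually be granted."""
    granted = effective(workflow_block, job_block)
    return {
        scope: (granted[scope], need)
        for scope, need in required.items()
        if LEVELS[granted[scope]] < LEVELS[need]
    }


# Constructed input mirroring the review comment: workflow-level read-all,
# a job block that lists only security-events, and a job that needs both scopes.
REQUIRED = {"contents": "read", "security-events": "write"}
BEFORE = {"security-events": "write"}
AFTER = {"contents": "read", "security-events": "write"}

if __name__ == "__main__":
    print("before:", missing("read-all", BEFORE, REQUIRED))
    print("after: ", missing("read-all", AFTER, REQUIRED))
```
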

Contributor Author

This has been updated @joseph-flinn

@withinfocus
Contributor

Applied an alternative solution manually.

auto-merge was automatically disabled March 27, 2024 14:14

Pull request was closed

@withinfocus withinfocus deleted the update-scan-permission branch March 27, 2024 14:14