[TPDMDEV-798] Improve Workflow Permissions (#100)

chrisgocode · web-flow · commit a43d2a1de2e8 · 2024-06-12T10:20:50.000-05:00
* Improve Workflow Permissions

* removed redundant read permissions
diff --git a/.github/workflows/Dependencies Security Scan.yml b/.github/workflows/Dependencies Security Scan.yml
@@ -7,6 +7,8 @@ on:
     paths:
       - 'src/**'
 
+permissions: read-all
+
 jobs:
   scan-actions:
     name: Scan Actions
@@ -16,8 +18,6 @@ jobs:
     name: Analyze Code Dependencies
     runs-on: ubuntu-latest
     permissions:
-      actions: read
-      contents: read
       security-events: write
 
     strategy:
diff --git a/.github/workflows/build-model.yml b/.github/workflows/build-model.yml
@@ -18,6 +18,8 @@ on:
         description: "ed_fi_model_ref: The reference name from the Ed-Fi Model repo to pull. Default: DS-5.1-ME-3.x"
   pull_request:
 
+permissions: read-all
+
 env:
   data_model_version: "5.1.0"
   ODS_version: "7.2"
