From 9d090b57d7554bcc9ab3f8d68180ed3d46f3e568 Mon Sep 17 00:00:00 2001
From: Joyce <joycebrum@google.com>
Date: Thu, 9 Mar 2023 14:54:54 -0300
Subject: [PATCH] chore: set codeql permissions

Signed-off-by: Joyce <joycebrum@google.com>
---
 .github/workflows/codeql-analysis.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 7ba83ac1c..9a87e828d 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -10,6 +10,9 @@ on:
   schedule:
     - cron: '0 19 * * 1'
   workflow_dispatch:
+  
+permissions:
+  contents: read
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref || github.run_id }}
@@ -19,6 +22,8 @@ jobs:
   CodeQL-Build:
 
     runs-on: ubuntu-latest
+    permissions:
+      security-events: write
 
     steps:
     - name: Checkout repository