From 5851e6041273741ec1324a4590fca1788c61d049 Mon Sep 17 00:00:00 2001
From: chris3ware <36608309+chris3ware@users.noreply.github.com>
Date: Wed, 15 Mar 2023 21:30:32 +0000
Subject: [PATCH] change top level permissions to `contents: read` for tfsec
 workflow

---
 .github/workflows/tfsec-pr.yaml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/tfsec-pr.yaml b/.github/workflows/tfsec-pr.yaml
index bf5ea96..c81698c 100644
--- a/.github/workflows/tfsec-pr.yaml
+++ b/.github/workflows/tfsec-pr.yaml
@@ -10,18 +10,16 @@ on:
         type: string
 
 # Declare default permissions as read only.
-permissions: read-all
+permissions:
+  contents: read
 
 jobs:
   find-terraform:
-    permissions:
-      contents: read
     uses: ./.github/workflows/get-terraform-dir.yaml
 
   tfsec-pr-commenter:
     permissions:
       pull-requests: write
-      contents: read
     runs-on: ubuntu-latest
     timeout-minutes: 10
     concurrency: