From f4aaea5b19ded435eb7230e11dedcb1a23671a01 Mon Sep 17 00:00:00 2001
From: firewave <firewave@users.noreply.github.com>
Date: Sun, 12 Jan 2025 13:44:07 +0100
Subject: [PATCH] fixed #13351 - codeql-analysis.yml: limit `write` permissions
 to jobs

---
 .github/workflows/codeql-analysis.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index e084522d8c2..185ebe139c6 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -14,12 +14,13 @@ on:
 
 permissions:
   contents: read
-  security-events: write
 
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-22.04
+    permissions:
+      security-events: write
 
     strategy:
       fail-fast: false