From 4fd6a1046cc3200e65e4df528b4be5bb0a18dd1c Mon Sep 17 00:00:00 2001
From: Johannes Nussbaum <39048939+jnussbaum@users.noreply.github.com>
Date: Mon, 14 Aug 2023 10:36:23 +0200
Subject: [PATCH] fix: fix bandit workflow configuration (DEV-2536) #470

---
 .github/workflows/bandit.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml
index 0dc96c5d9..76c7f5074 100644
--- a/.github/workflows/bandit.yml
+++ b/.github/workflows/bandit.yml
@@ -10,11 +10,16 @@ jobs:
 permissions:
 contents: read # for actions/checkout to fetch code
 security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by # github/codeql-action/upload-sarif to get the Action run status
+
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@v2
+ - uses: actions/checkout@v3
 - name: Bandit Scan
 uses: shundor/python-bandit-scan@main
 with: # optional arguments
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information.
+ level: high
+ confidence: medium
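Review bot: The third-party scanner step is still referenced by a mutable branch, `uses: shundor/python-bandit-scan@main`, while the same hunk pins `actions/checkout` to `@v3`; for a step that receives `secrets.GITHUB_TOKEN` in a job holding `security-events: write`, a branch reference means whatever is pushed to that repository's main is what runs here next time. Pin it to a full-length commit SHA with the version recorded in a trailing comment, e.g. `uses: shundor/python-bandit-scan@<commit-sha>  # <version-tag>` (placeholders), so updates arrive as reviewable bumps rather than silently. The added `level: high` and `confidence: medium` presumably raise bandit's reporting threshold, so lower-severity findings would no longer appear in the uploaded SARIF; a comment above them stating that this filtering is intended, such as `# report only HIGH-severity findings at MEDIUM+ confidence; lower ones are omitted from the SARIF upload`, would keep the next maintainer from reading a clean scan as a full one. The enclosing `jobs:` stanza begins above the hunk, so the job name and trigger are not visible here.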