From c64ee4de8c236ddc4d574cfaf1dcdb3aa0253e53 Mon Sep 17 00:00:00 2001
From: Andrew Eisenberg <aeisenberg@github.com>
Date: Mon, 26 Apr 2021 10:49:45 -0700
Subject: [PATCH] Actions: Add permissions block to code scanning workflow

---
 .github/workflows/codeql.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 293c0e2bd96..f8cd6c4eef8 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -11,6 +11,12 @@ on:
 jobs:
   codeql:
     runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      security_events: write
+      pull_requests: read
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2