fix: docker-scan workflow permissions (#119)

Update the Docker vulnerability scan action to allow write to the security events of the repo. This allows the scan results to be published.
cds-snc · Apr 21, 2023 · 7dc92e8 · 7dc92e8
1 parent 7308bba
commit 7dc92e8
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/.github/workflows/docker-vulnerability-scan.yml b/.github/workflows/docker-vulnerability-scan.yml
@@ -9,8 +9,9 @@ env:
   DOCKER_SLUG: public.ecr.aws/cds-snc/notify-document-download-api
 
 permissions:
-  id-token: write   # This is required for requesting the OIDC JWT
-  contents: read    # This is required for actions/checkout
+  id-token: write        # This is required for requesting the OIDC JWT
+  contents: read         # This is required for actions/checkout
+  security-events: write # This is required for the docker-scan action
 
 jobs:
   docker-vulnerability-scan: