diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ed6203f..1a95f2a 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -7,10 +7,10 @@ on: schedule: - cron: "27 3 * * 1" -permissions: - actions: read - contents: read - security-events: write +# scorecard-action refuses to publish results when the workflow grants +# write permissions at the top level; the analysis job below declares the +# id-token/security-events writes it needs. +permissions: read-all jobs: analysis: