From c4b3af8a3c23780e068c4ecb5f6c237b002a4586 Mon Sep 17 00:00:00 2001
From: Derek Roberts
Date: Mon, 6 Jan 2025 13:55:06 -0800
Subject: [PATCH] Tighten permissions for analysis
---
 .github/workflows/analysis.yml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/analysis.yml b/.github/workflows/analysis.yml
index f004a471..8dcbf3e4 100644
--- a/.github/workflows/analysis.yml
+++ b/.github/workflows/analysis.yml
@@ -13,6 +13,8 @@ concurrency:
 group: ${{ github.workflow }}-${{ github.ref }}
 cancel-in-progress: true

+permissions: {}
+
 jobs:
 tests:
 name: Unit Tests
@@ -38,6 +40,8 @@ jobs:
 name: Trivy Security Scan
 if: ${{ ! github.event.pull_request.draft }}
 needs: [tests]
+ permissions:
+ security-events: write
 runs-on: ubuntu-24.04
 steps:
 - uses: actions/checkout@v4
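Review bot: The workflow-level `permissions: {}` added after the `concurrency` block removes every GITHUB_TOKEN scope from any job that has no `permissions` block of its own, and the `tests` job that follows gets none in this patch. If that job (its steps are outside the hunk) checks out a private or internal repository, or posts results back to the pull request, it will need an explicit grant such as `contents: read`. A short comment above the new line would keep the intent clear to later editors, for example `# Default-deny: each job must request the token scopes it needs`.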
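Review bot: The job-level block on the Trivy job grants only `security-events: write`, which leaves every other scope at none for this job even though its first step is `actions/checkout@v4`. On a public repository the checkout still works, but on a private or internal one it needs `contents: read`, and a SARIF upload step (not visible in this hunk) would presumably also need `actions: read`; adding `contents: read` under `permissions:` keeps the job working if repository visibility changes. On `pull_request` runs from forks the token is capped at read-only, so the `security-events: write` grant has no effect there and an upload would fail; the trigger is outside the hunk, so confirm how fork PRs are meant to be handled. The job's step list continues past the end of the hunk.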