From 7adbfdcc84e2f41d406b4636d539d2aae719f6c5 Mon Sep 17 00:00:00 2001
From: Matt Andreko <mandreko@bitwarden.com>
Date: Mon, 9 Jun 2025 09:34:28 -0400
Subject: [PATCH] Fix permissions for check-run action (#5316)

---
 .github/workflows/scan.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index a90074843b..f72bc72c7f 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -11,11 +11,14 @@ on:
     branches:
       - main
 
+permissions: {}
+
 jobs:
   check-run:
     name: Check PR run
     uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
-    permissions: read-all
+    permissions:
+      contents: read
 
   sast:
     name: SAST scan