From 12551d324375bd0c4647a8cdc7bd0f8c435c1034 Mon Sep 17 00:00:00 2001
From: Josh Soref <2119212+jsoref@users.noreply.github.com>
Date: Sun, 12 Jan 2025 20:22:59 -0500
Subject: [PATCH] [chore] [workflow] Add permissions (#37127)

#### Description

codeql requires security-events: write...

#### Link to tracking issue
#### Testing

*
[Before](https://github.com/check-spelling-sandbox/opentelemetry-collector-contrib/actions/runs/12701467278)
*
[After](https://github.com/check-spelling-sandbox/opentelemetry-collector-contrib/actions/runs/12702117033)

Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
---
 .github/workflows/codeql-analysis.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 8769d26452c7..8d4883c3dd11 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -9,6 +9,10 @@ on:
 jobs:
   CodeQL-Build:
     runs-on: macos-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
     if: ${{ github.actor != 'dependabot[bot]' }}
     env:
       # Force CodeQL to run the extraction on the files compiled by our custom