From aed20d1eeee26b774004d6eb4f4427bddc0d974a Mon Sep 17 00:00:00 2001
From: Oksana Salyk <oksana.salyk@hpe.com>
Date: Thu, 30 Jan 2025 10:15:25 +0100
Subject: [PATCH] common: add some changes to permissions

---
 .github/workflows/scan_coverage.yml | 9 ++++++---
 .github/workflows/scans.yml         | 4 ++++
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/scan_coverage.yml b/.github/workflows/scan_coverage.yml
index 6be2314d7e..1f360cc30b 100644
--- a/.github/workflows/scan_coverage.yml
+++ b/.github/workflows/scan_coverage.yml
@@ -7,6 +7,11 @@ on:
       CODECOV_TOKEN:
         required: true
 
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
 env:
   # Note: All coverage scans, e.g. on pull requests, should be run in the same
   # environment.
@@ -24,8 +29,6 @@ env:
   TEST_BUILD:   debug
   FAULT_INJECTION: 1
 
-permissions: {}
-
 jobs:
   linux:
     name: Linux
@@ -41,7 +44,7 @@ jobs:
         run: cd $WORKDIR && ./build-CI.sh
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@13ce06bfc6bbe3ecf90edbbf1bc32fe5978ca1d3 # v5.3.1
+        uses: 
         with:
           root_dir: /home/runner/work/pmdk/pmdk/
           directory: /home/runner/work/pmdk/pmdk/
diff --git a/.github/workflows/scans.yml b/.github/workflows/scans.yml
index 2f328199b6..0775143d3c 100644
--- a/.github/workflows/scans.yml
+++ b/.github/workflows/scans.yml
@@ -33,6 +33,10 @@ jobs:
     secrets:
       CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
     name: Coverage
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
   call-documentation:
     uses: ./.github/workflows/scan_documentation.yml
     name: Documentation