From ede3b5045aa908ef6d0b240d75474bcc73e5b80d Mon Sep 17 00:00:00 2001
From: Brooks Cunningham
Date: Mon, 17 Nov 2025 10:26:59 -0600
Subject: [PATCH 1/5] Potential fix for code scanning alert no. 6: Workflow does not contain permissions
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/ngwaf-k8s-module-agent.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/ngwaf-k8s-module-agent.yaml b/.github/workflows/ngwaf-k8s-module-agent.yaml
index 0df0c37..43296f6 100644
--- a/.github/workflows/ngwaf-k8s-module-agent.yaml
+++ b/.github/workflows/ngwaf-k8s-module-agent.yaml
@@ -1,4 +1,6 @@
 name: k8s module-agent NGWAF Deployment
+permissions:
+ contents: read
 on:
 workflow_dispatch:
From 43ae832b14a317310f88215c9645034a66cac2a2 Mon Sep 17 00:00:00 2001
From: Brooks Cunningham
Date: Mon, 17 Nov 2025 10:27:46 -0600
Subject: [PATCH 2/5] Potential fix for code scanning alert no. 4: Workflow does not contain permissions
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/github-action.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/github-action.yml b/.github/workflows/github-action.yml
index 18a6a3e..d8d090d 100644
--- a/.github/workflows/github-action.yml
+++ b/.github/workflows/github-action.yml
@@ -1,7 +1,8 @@
 # This is a basic workflow to help you get started with Actions
 name: CI
-
+permissions:
+ contents: read
 # Controls when the workflow will run
 on:
 # Triggers the workflow on push or pull request events but only for the "main" branch
From 1d4ea14d29e73ae06cfc2cc413225bd31429795b Mon Sep 17 00:00:00 2001
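Review bot: The `permissions:` block added after `name:` in ngwaf-k8s-module-agent.yaml lists only `contents: read`, and once that key is present every scope it does not list is `none` for the GITHUB_TOKEN in every job. The jobs are outside the hunk, so confirm before merging that no step in this deployment workflow needs another scope, such as `id-token: write` for OIDC login or `packages: write` for an image push; if one does, grant it under that job's own `permissions:` rather than widening the workflow default. A comment above the block would record the intent: `# Least privilege: GITHUB_TOKEN is read-only; add extra scopes per job`. The same check applies to the identical additions in github-action.yml, ngwaf-envoy.yaml, build-ngwaf-compute-integration.yaml and ngwaf-proxy-rate-limit.yaml.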
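Review bot: In github-action.yml the hunk removes the blank line after `name: CI` and, as far as the hunk shows, leaves `contents: read` directly above `# Controls when the workflow will run`, so that comment now reads as if it belonged to the permissions block instead of to `on:`. Keep a blank line before `permissions:` and one after `contents: read`. This affects layout only; the parsed workflow is unchanged.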
From: Brooks Cunningham
Date: Mon, 17 Nov 2025 10:27:59 -0600
Subject: [PATCH 3/5] Potential fix for code scanning alert no. 3: Workflow does not contain permissions
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/ngwaf-envoy.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/ngwaf-envoy.yaml b/.github/workflows/ngwaf-envoy.yaml
index 1f10fe7..d2a23dd 100644
--- a/.github/workflows/ngwaf-envoy.yaml
+++ b/.github/workflows/ngwaf-envoy.yaml
@@ -1,4 +1,6 @@
 name: Envoy NGWAF Deployment
+permissions:
+ contents: read
 on:
 workflow_dispatch:
From 5a87d557c87a281736ca6742c5da879189521d39 Mon Sep 17 00:00:00 2001
From: Brooks Cunningham
Date: Mon, 17 Nov 2025 10:28:08 -0600
Subject: [PATCH 4/5] Potential fix for code scanning alert no. 2: Workflow does not contain permissions
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/build-ngwaf-compute-integration.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/build-ngwaf-compute-integration.yaml b/.github/workflows/build-ngwaf-compute-integration.yaml
index 6fa208d..4f65752 100644
--- a/.github/workflows/build-ngwaf-compute-integration.yaml
+++ b/.github/workflows/build-ngwaf-compute-integration.yaml
@@ -1,5 +1,7 @@
 name: Build ngwaf-compute-integration
 on: push
+permissions:
+ contents: read
 jobs:
 build-ngwaf-compute-integration:
From 759b2a8881fc50cfe7d58c2ea0a451883c368e48 Mon Sep 17 00:00:00 2001
From: Brooks Cunningham
Date: Mon, 17 Nov 2025 10:28:35 -0600
Subject: [PATCH 5/5] Potential fix for code scanning alert no. 1: Workflow does not contain permissions
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/ngwaf-proxy-rate-limit.yaml | 2 ++
 1 file changed, 2 insertions(+)
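Review bot: In build-ngwaf-compute-integration.yaml the block is placed after `on: push`, while the other four workflows in this series put `permissions:` directly after `name:` and before `on:`. Key order does not change behaviour, but one placement across all workflow files makes a missing or widened permissions block easier to spot in review; moving the two lines above `on: push` would match the rest. The `jobs:` body continues outside the hunk.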
diff --git a/.github/workflows/ngwaf-proxy-rate-limit.yaml b/.github/workflows/ngwaf-proxy-rate-limit.yaml
index 6a2ae01..50c028c 100644
--- a/.github/workflows/ngwaf-proxy-rate-limit.yaml
+++ b/.github/workflows/ngwaf-proxy-rate-limit.yaml
@@ -1,4 +1,6 @@
 name: Rate Limiting Demo
+permissions:
+ contents: read
 on:
 workflow_dispatch: