chore(ci): make scorecard happier (#65)

* chore(ci): make scorecard happier * chore: add codeowners J:DEF-3650
coveo · Jan 14, 2025 · eb8d697 · eb8d697
1 parent a203438
commit eb8d697
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 0 deletions.
diff --git a/.github/workflows/java-maven-openjdk11-codeql.yml b/.github/workflows/java-maven-openjdk11-codeql.yml
@@ -12,10 +12,16 @@ on:
         required: false
         type: string
 
+permissions: { }
+
 jobs:
   analyze-java:
     uses: coveo/public-actions/.github/workflows/java-maven-openjdk-codeql.yml@main
     with:
       runs-on: ${{ inputs.runs-on }}
       mvn-additional-arguments: ${{ inputs.mvn-arguments }}
       jdk-version: 11
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
diff --git a/.github/workflows/java-maven-openjdk11-dependency-submission.yml b/.github/workflows/java-maven-openjdk11-dependency-submission.yml
@@ -14,6 +14,8 @@ on:
         required: false
         type: string
 
+permissions: { }
+
 jobs:
   submit-dependencies:
     name: Submit dependencies
@@ -22,3 +24,5 @@ jobs:
       runs-on: ${{ inputs.runs-on }}
       directory: ${{ inputs.directory }}
       jdk-version: 11
+    permissions:
+      contents: write
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -1,2 +1,14 @@
 .github/workflows/dependency-review.yml @coveo/dev-tooling-reviewers-1 @coveo/dev-tooling-reviewers-2 @coveo/dev-tooling-reviewers-3
 audit-renovate-config/** @coveo/dev-tooling @coveo/r-d-security-defence @coveo/cloud-intelligence
+
+.github/workflows/actions-codeql.yml @coveo/r-d-security-defence
+.github/workflows/dependency-review.yml @coveo/r-d-security-defence
+.github/workflows/dependency-review-v2.yml @coveo/r-d-security-defence
+.github/workflows/java-maven-openjdk11-codeql.yml @coveo/r-d-security-defence
+.github/workflows/java-maven-openjdk11-dependency-submission.yml @coveo/r-d-security-defence
+.github/workflows/java-maven-openjdk-codeql.yml @coveo/r-d-security-defence
+.github/workflows/java-maven-openjdk-dependency-review.yml @coveo/r-d-security-defence
+.github/workflows/java-maven-openjdk-dependency-submission.yml @coveo/r-d-security-defence
+.github/workflows/scorecard.yml @coveo/r-d-security-defence
+.github/workflows/test-actions-codeql.yml @coveo/r-d-security-defence
+.github/workflows/test-dependency-review.yml @coveo/r-d-security-defence