From 77df583d24a95037b43eb7507381a72c82b63162 Mon Sep 17 00:00:00 2001
From: David Fernandez <david.fermnandez@nullplatform.com>
Date: Thu, 21 May 2026 15:40:36 -0300
Subject: [PATCH] fix(security-scan): add actions: read permission required by
 codeql upload-sarif

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 .github/workflows/docker-security-scan.yml | 1 +
 .github/workflows/ecr-security-scan.yml    | 1 +
 2 files changed, 2 insertions(+)

diff --git a/.github/workflows/docker-security-scan.yml b/.github/workflows/docker-security-scan.yml
index 8ad990d..0af3b00 100644
--- a/.github/workflows/docker-security-scan.yml
+++ b/.github/workflows/docker-security-scan.yml
@@ -40,6 +40,7 @@ on:
 permissions:
   contents: read
   security-events: write
+  actions: read
 
 jobs:
   scan:
diff --git a/.github/workflows/ecr-security-scan.yml b/.github/workflows/ecr-security-scan.yml
index d5b5322..8259625 100644
--- a/.github/workflows/ecr-security-scan.yml
+++ b/.github/workflows/ecr-security-scan.yml
@@ -34,6 +34,7 @@ permissions:
   id-token: write
   contents: read
   security-events: write
+  actions: read
 
 jobs:
   scan: