Fix permissions for check-run action (#300)

mandreko-bitwarden · web-flow · commit e1c5e7b06a3f · 2025-06-09T09:48:34.000-04:00
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
@@ -16,10 +16,14 @@ on:
     branches:
       - "main"
 
+permissions: {}
+
 jobs:
   check-run:
     name: Check PR run
     uses: bitwarden/gh-actions/.github/workflows/check-run.yml@main
+    permissions:
+      contents: read
 
   sast:
     name: SAST scan
