Specify explicit read permission for the scanner job

asutosh · asutosh · commit e9ea4e73570c · 2025-11-13T17:44:53.000+05:30
Signed-off-by: Asutosh &lt;asutosh@tyk.io&gt;
diff --git a/.github/workflows/s1-cns-scans.yml b/.github/workflows/s1-cns-scans.yml
@@ -8,6 +8,8 @@ on:
 jobs:
   s1_scanner:
     uses: TykTechnologies/github-actions/.github/workflows/s1-cns-scan.yml@main
+    permissions:
+      contents: read
     with:
       iac_enabled: false
       tag: service:vulnscan
