From 8d443ba334a1ae776b4e779dd438b75e478105ac Mon Sep 17 00:00:00 2001
From: Daniel Ortiz <dortiz@krakend.io>
Date: Thu, 11 Jul 2024 22:34:22 +0000
Subject: [PATCH] Add permissions to upload the security reports. Remove the
 builder scan since it's the official golang docker container and it's not
 used in runtime.

Signed-off-by: Daniel Ortiz <dortiz@krakend.io>
---
 .github/workflows/security.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 13825e8f..51659ab1 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -42,11 +42,13 @@ jobs:
           sarif_file: 'trivy-results.sarif'
 
   image-scan:
+    permissions:
+      security-events: write
+      actions: read
+      contents: read
     strategy:
       matrix:
         config:
-          - image: krakend/builder
-            dockerfile: Dockerfile-builder
           - image: krakend/krakend-ce
             dockerfile: Dockerfile
     runs-on: ubuntu-latest