From 72ff74777fb476f8327b1245d2ff50a75e228deb Mon Sep 17 00:00:00 2001
From: Jiazhen Fan <52474868+sfc-gh-jfan@users.noreply.github.com>
Date: Wed, 18 Oct 2023 15:34:46 -0700
Subject: [PATCH] PRODSEC-3611 fix GHA parsing (#603)

---
 .github/workflows/snyk-issue.yml | 5 +++++
 .github/workflows/snyk-pr.yml    | 6 ++++++
 2 files changed, 11 insertions(+)

diff --git a/.github/workflows/snyk-issue.yml b/.github/workflows/snyk-issue.yml
index b586554dd..2a3f6226a 100644
--- a/.github/workflows/snyk-issue.yml
+++ b/.github/workflows/snyk-issue.yml
@@ -4,6 +4,11 @@ on:
   schedule:
     - cron: '* */12 * * *'
 
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
 concurrency: snyk-issue
 
 jobs:
diff --git a/.github/workflows/snyk-pr.yml b/.github/workflows/snyk-pr.yml
index 1ef32b622..4cb65c098 100644
--- a/.github/workflows/snyk-pr.yml
+++ b/.github/workflows/snyk-pr.yml
@@ -3,6 +3,12 @@ on:
   pull_request:
     branches:
       - master
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
 jobs:
   snyk:
     runs-on: ubuntu-latest