From 54a9246c2f5a7db58d3ec66a313e7035bf06a92e Mon Sep 17 00:00:00 2001
From: Hilmar Falkenberg <hilmar.falkenberg@sap.com>
Date: Thu, 30 Jan 2025 08:18:07 +0100
Subject: [PATCH] Update codeql.yml

Signed-off-by: Hilmar Falkenberg <hilmar.falkenberg@sap.com>
---
 .github/workflows/codeql.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index da24bdef9..e0c5ba96e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -120,6 +120,8 @@ jobs:
     permissions:
       # Required to upload SARIF files
       security-events: write
+      # for actions/checkout to fetch code
+      contents: read
     # call reusable workflow from central '.github' repo
     uses: open-component-model/.github/.github/workflows/code-scan.yml@main
     secrets: inherit