From 277d9702555532d13426119d31c70fffb389d589 Mon Sep 17 00:00:00 2001
From: Gagan H R <hrgagan4@gmail.com>
Date: Tue, 28 Apr 2026 22:32:21 +0530
Subject: [PATCH] fix: adds topLevel permissions to improve openSSF scores

Signed-off-by: Gagan H R <hrgagan4@gmail.com>
---
 .github/workflows/codeql-analysis.yml | 7 ++++---
 .github/workflows/stale.yaml          | 5 +++++
 2 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 972602fea..51ba3ed3f 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -24,14 +24,15 @@ on:
   schedule:
     - cron: '29 6 * * 6'
 
-permissions:  
-  contents: read
-  security-events: write
+permissions: {}
 
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
 
     strategy:
       fail-fast: false
diff --git a/.github/workflows/stale.yaml b/.github/workflows/stale.yaml
index 7d41280ad..9b0c29952 100644
--- a/.github/workflows/stale.yaml
+++ b/.github/workflows/stale.yaml
@@ -3,9 +3,14 @@ on:
   schedule:
   - cron: "0 0 * * *"
 
+permissions: {}
+
 jobs:
   stale:
     runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
     steps:
     - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
       with: