From 70f8227846be71f56ed3b234ae5435004e0587e7 Mon Sep 17 00:00:00 2001
From: Joe Previte <jjprevite@gmail.com>
Date: Mon, 7 Mar 2022 13:49:48 -0700
Subject: [PATCH 1/2] chore: add permissions trivy-docker

---
 .github/workflows/trivy-docker.yaml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/trivy-docker.yaml b/.github/workflows/trivy-docker.yaml
index ae5c266659fd..c658a9cad428 100644
--- a/.github/workflows/trivy-docker.yaml
+++ b/.github/workflows/trivy-docker.yaml
@@ -25,7 +25,7 @@ on:
   workflow_dispatch:
 
 permissions:
-  actions: none
+  actions: write
   checks: none
   contents: read
   deployments: none
@@ -33,7 +33,7 @@ permissions:
   packages: none
   pull-requests: none
   repository-projects: none
-  security-events: none
+  security-events: write
   statuses: none
 
 # Cancel in-progress runs for pull requests when developers push

From 74e83f60b1299db8812c53e92f3ae93644dcbd6e Mon Sep 17 00:00:00 2001
From: Joe Previte <jjprevite@gmail.com>
Date: Tue, 8 Mar 2022 10:22:25 -0700
Subject: [PATCH 2/2] Update .github/workflows/trivy-docker.yaml

---
 .github/workflows/trivy-docker.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/trivy-docker.yaml b/.github/workflows/trivy-docker.yaml
index c658a9cad428..827a9905ab2f 100644
--- a/.github/workflows/trivy-docker.yaml
+++ b/.github/workflows/trivy-docker.yaml
@@ -25,7 +25,7 @@ on:
   workflow_dispatch:
 
 permissions:
-  actions: write
+  actions: none
   checks: none
   contents: read
   deployments: none