Potential fix for code scanning alert no. 3: Workflow does not contain permissions

[mikolayek]

Potential fix for https://github.com/SAP/hybris-commerce-eclipse-plugin/security/code-scanning/3

To fix this problem, you should add a permissions block to the affected job in your workflow, limiting the GITHUB_TOKEN to only those privileges required for the analysis. Neither the workflow nor the job currently declares any permissions: block. The best fix in this case is to add permissions: contents: read to the job (or at the workflow root) unless more write permissions are required for this specific workflow, which is not the case here. You should insert this block in the analyze job, right after the name: Analyze or before runs-on. Edit .github/workflows/codeql-analysis.yml, adding:

permissions:
  contents: read

just after

name: Analyze

No additional imports, methods, or definitions are needed.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA cc8e8d4.

Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

Scanned Files

None

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud