From c743f13d0d87c8e0475233949f71d3a1b67c2b1d Mon Sep 17 00:00:00 2001
From: Naveen <172697+naveensrinivasan@users.noreply.github.com>
Date: Fri, 1 Apr 2022 16:34:21 -0500
Subject: [PATCH] Add permissions to GitHub actions - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions Setting token permissions to read-only follows the principle of least privilege. This is important because attackers may use a compromised token with write access to push malicious code into the project. https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
---
 .github/workflows/go.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 85bdd5d67..6a1557be5 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -6,6 +6,9 @@ on:
 pull_request:
 branches: [ master ]
+permissions:
+ contents: read
+
 jobs:
 lint:
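Review bot: The new workflow-level `permissions:` block carries no comment explaining that every scope it does not list is set to `none` for all jobs, which is the detail a maintainer adding a job later is most likely to trip over. Only the start of `jobs:` (`lint:`) is visible in this hunk, so it is worth confirming that no job further down the file needs more than `contents: read` (for example a step that annotates or comments on the pull request); a job that does should get its own job-level `permissions:` rather than a wider grant here. I would add a comment above the block, `# Least privilege: GITHUB_TOKEN is read-only here; grant extra scopes per job, not workflow-wide.`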