From 63540d8cf33f55fcec637f98b14b53f8022d1983 Mon Sep 17 00:00:00 2001
From: jrfnl
Date: Sat, 20 Sep 2025 05:08:06 +0200
Subject: [PATCH] GH Actions/scorecard: update permissions
... to match the current recommendations.
I've removed the "read" permissions as those should only be needed for "private" repos.
Ref: https://github.com/ossf/scorecard-action#additional-permissions-for-private-repositories
---
 .github/workflows/scorecards.yml | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 06fa35ac..5d11aaa4 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -7,8 +7,7 @@ on:
 push:
 branches: [ "master" ]
-# Declare default permissions as read only.
-permissions: read-all
+permissions: {}
 jobs:
 analysis:
@@ -17,15 +16,12 @@ jobs:
 name: Scorecards analysis
 runs-on: ubuntu-latest
+
 permissions:
- # Needed to upload the results to code-scanning dashboard.
+ # Required when publishing results (badge / API / code scanning)
 security-events: write
- # Used to receive a badge. (Upcoming feature)
 id-token: write
- # Needs for private repositories.
- contents: read
- actions: read
-
+
 steps:
 - name: "Checkout code"
 uses: actions/checkout@v4
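Review bot: The top-level `permissions: {}` in the first hunk replaces a commented default with an uncommented one, and `{}` is easy to misread as "unset" instead of "no scopes granted". A one-line comment above it, such as `# Grant no GITHUB_TOKEN scopes by default; each job must declare the ones it needs.`, would record the intent. It also makes it less likely that a job added later without its own `permissions:` block prompts a revert to `read-all`.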
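Review bot: In the second hunk, `id-token: write` is left without an explanation of its own: the one new comment sits above `security-events: write`, yet `id-token` is the scope that lets the job request an OIDC token. I would comment each scope, e.g. `# Upload SARIF results to the code-scanning dashboard.` above `security-events: write` and `# Request an OIDC token, used when publishing results to the Scorecard API / badge.` above `id-token: write`. Since a job-level block leaves every unlisted scope at `none`, dropping `contents: read` and `actions: read` holds only while the repository is public; `# Add contents: read and actions: read if this repository becomes private.` would keep that caveat in the file and not only in the commit message. The paired `-`/`+` blank lines before `steps:` suggest the new blank line carries trailing whitespace, which is worth stripping; the job's steps continue outside the hunk, so how the token is used there is not visible here.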