From de3a5ff6347c1443ccfed629ec48f23c51093f46 Mon Sep 17 00:00:00 2001
From: GCHQDeveloper581 <63102987+GCHQDeveloper581@users.noreply.github.com>
Date: Wed, 4 Feb 2026 15:12:25 +0000
Subject: [PATCH] Fix code scanning warnings in workflows (#2177)

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/master.yml        | 5 +++++
 .github/workflows/pull_requests.yml | 3 +++
 2 files changed, 8 insertions(+)

diff --git a/.github/workflows/master.yml b/.github/workflows/master.yml
index d092a74c6..74710dff1 100644
--- a/.github/workflows/master.yml
+++ b/.github/workflows/master.yml
@@ -1,5 +1,8 @@
 name: "Master Build, Test & Deploy"
 
+permissions:
+  contents: read
+
 on:
   workflow_dispatch:
   push:
@@ -8,6 +11,8 @@ on:
 
 jobs:
   main:
+    permissions:
+      contents: write
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v6
diff --git a/.github/workflows/pull_requests.yml b/.github/workflows/pull_requests.yml
index 7f65b6171..8f04df72c 100644
--- a/.github/workflows/pull_requests.yml
+++ b/.github/workflows/pull_requests.yml
@@ -1,5 +1,8 @@
 name: "Pull Requests"
 
+permissions:
+  contents: read
+
 on:
   workflow_dispatch:
   pull_request: