From beb779bf2267bb1c0ac81cb31db729cdfcc963aa Mon Sep 17 00:00:00 2001 From: Josh Buker Date: Sat, 5 Oct 2024 14:03:54 +0000 Subject: [PATCH] Update README to include bit about permissions near the top (#496) Currently the info about permissions is below the fold, and I missed it when implementing the action for my own projects. Signed-off-by: Josh Buker --- README.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/README.md b/README.md index 5c615d72..1990d88e 100644 --- a/README.md +++ b/README.md @@ -17,6 +17,17 @@ and upload a workflow artifact SBOM in SPDX format. It will also detect if being run during a [GitHub release](https://docs.github.com/en/repositories/releasing-projects-on-github/about-releases) and upload the SBOM as a release asset. +> [!IMPORTANT] +> To upload the SBOM to releases, you will need to give the action permission to read the artifact from the action, and write it to the release: +> ```yaml +> jobs: +> build: +> permissions: +> actions: read +> contents: write +> steps: +> ``` + ## Example Usage ### Scan a container image
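Review bot: In the added `[!IMPORTANT]` block, the sentence "permission to read the artifact from the action, and write it to the release" does not say which scope does what, and `contents: write` is a broad grant (it allows writing repository contents, not only release assets). Readers copying the snippet should be told to set it on the job that runs this action rather than workflow-wide, and only when release upload is wanted. Suggested wording: "`actions: read` to fetch the workflow artifact and `contents: write` to attach it to the release". A short note that a job-level `permissions:` block sets every unlisted scope to none would also help, because a job that needs other scopes must list them too. The snippet ends on a bare `steps:` with no `runs-on`, so it should be marked as a fragment, for example with a `# ...` comment. Since the commit message says this information already exists further down the README, link to that section so the two copies do not drift.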