CodeQL: Update SARIF uploading example (#25702)

RasmusWL · web-flow · commit d11f852453a8 · 2022-03-01T11:06:56.000Z
* CodeQL: Update SARIF uploading example
diff --git a/content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md b/content/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github.md
@@ -86,7 +86,11 @@ jobs:
   build:
     runs-on: ubuntu-latest{% ifversion fpt or ghes > 3.1 or ghae or ghec %}
     permissions:
-      security-events: write{% endif %}
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read{% endif %}
     steps:
       # This step checks out a copy of your repository.
       - name: Checkout repository
@@ -123,7 +127,11 @@ jobs:
   build:
     runs-on: ubuntu-latest{% ifversion fpt or ghes > 3.1 or ghae or ghec %}
     permissions:
-      security-events: write{% endif %}
+      # required for all workflows
+      security-events: write
+      # only required for workflows in private repositories
+      actions: read
+      contents: read{% endif %}
     steps:
       - uses: actions/checkout@v2
       - name: Run npm install
