From 3f49fab2fa6ff5b1a21a9bbb540c0d4cf1f6aa28 Mon Sep 17 00:00:00 2001
From: Tomasz Gromadzki <tomasz.gromadzki@intel.com>
Date: Sun, 27 Oct 2024 15:30:56 +0100
Subject: [PATCH] common: fix scan permissions

Signed-off-by: Tomasz Gromadzki <tomasz.gromadzki@intel.com>
---
 .github/workflows/scans.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/scans.yml b/.github/workflows/scans.yml
index 2f328199b6..f94edb883e 100644
--- a/.github/workflows/scans.yml
+++ b/.github/workflows/scans.yml
@@ -14,12 +14,13 @@ jobs:
     uses: ./.github/workflows/scan_bandit.yml
     name: Bandit
   call-codeql:
-    uses: ./.github/workflows/scan_codeql.yml
-    name: CodeQL
     permissions:
       actions: read
       contents: read
       security-events: write
+    uses: ./.github/workflows/scan_codeql.yml
+    name: CodeQL
+
   call-coverity:
     # Sorry, no other branches are supported. The result upload would fail.
     if: github.ref == 'refs/heads/master'