Do not run vulnerability scans on forks

grafana · Nov 15, 2023 · e50360b · e50360b
1 parent d22c1fd
commit e50360b
Showing 1 changed file with 3 additions and 7 deletions.
diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
@@ -3,15 +3,13 @@ on: pull_request
 
 permissions:
   pull-requests: write
-  contents: write
+  issues: write
 
 jobs:
   snyk:
     name: Snyk Scan
     runs-on: ubuntu-latest
-    permissions:
-      issues: write
-      pull-requests: write
+    if: ${{ !github.event.pull_request.head.repo.fork }}
     steps:
       - name: Checkout code
         uses: actions/checkout@master
@@ -50,9 +48,7 @@ jobs:
   trivy:
     name: Trivy Scan
     runs-on: ubuntu-20.04
-    permissions:
-      issues: write
-      pull-requests: write
+    if: ${{ !github.event.pull_request.head.repo.fork }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v3