From 38c7913d45560146488bad9f6e27655453e45e4a Mon Sep 17 00:00:00 2001
From: nolte <nolte07@gmail.com>
Date: Sat, 6 Jan 2024 22:49:00 +0100
Subject: [PATCH] add permission

---
 .github/workflows/build-static-tests.yaml | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/.github/workflows/build-static-tests.yaml b/.github/workflows/build-static-tests.yaml
index 52c870c..372d1ba 100644
--- a/.github/workflows/build-static-tests.yaml
+++ b/.github/workflows/build-static-tests.yaml
@@ -4,5 +4,15 @@ on:
 jobs:
   static:
     uses: nolte/gh-plumbing/.github/workflows/reuseable-pre-commit.yaml@v1.0.24
+
   security:
     uses: nolte/gh-plumbing/.github/workflows/reuseable-trivy.yaml@v1.0.24
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+
+  chain-bench:
+    uses: nolte/gh-plumbing/.github/workflows/reuseable-chain-bench.yaml@v1.0.24
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file