From 8fe6e29c80f7a9880dedca72c3dc502256df0aaf Mon Sep 17 00:00:00 2001
From: "Francesa Alfaro, Agustin"
Date: Mon, 16 Jun 2025 13:16:48 -0600
Subject: [PATCH] ci: applying security recommendations

Signed-off-by: Francesa Alfaro, Agustin
---
 .github/workflows/bandit.yml | 2 ++
 .github/workflows/check-build.yml | 3 +++
 2 files changed, 5 insertions(+)

diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml
index ec9fd2a..8fc6af3 100644
--- a/.github/workflows/bandit.yml
+++ b/.github/workflows/bandit.yml
@@ -9,10 +9,12 @@ on:
 jobs:
 analyze:
 runs-on: 'ubuntu-latest'
+
 permissions:
 security-events: write
 actions: read
 contents: read
+
 steps:
 - name: Set up Python 3.9
 uses: actions/setup-python@v5
diff --git a/.github/workflows/check-build.yml b/.github/workflows/check-build.yml
index c22599b..5e8042c 100644
--- a/.github/workflows/check-build.yml
+++ b/.github/workflows/check-build.yml
@@ -11,6 +11,9 @@ jobs:
 build-test:
 runs-on: 'ubuntu-latest'
+ permissions:
+ contents: read
+
 steps:
 - name: Checkout
 uses: actions/checkout@v4
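Review bot: The `permissions:` block added in check-build.yml is scoped to the `build-test` job only, so any other job in that workflow (none is visible in this hunk) would still run with the repository's default GITHUB_TOKEN scopes. Declaring the restriction once at workflow level, above `jobs:`, as `permissions:` followed by `contents: read`, makes read-only the default, and a job that needs more can widen it explicitly, as `analyze` in bandit.yml already does with `security-events: write`. The `steps:` list continues outside the hunk, so it is worth confirming that no later step needs a scope beyond `contents: read`. The unchanged `uses: actions/checkout@v4` and `uses: actions/setup-python@v5` lines reference mutable tags; pinning them to full commit SHAs would fit the same hardening pass.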