From 78cadfd3527bca376cb83d402aa4c9c04904021d Mon Sep 17 00:00:00 2001
From: hicccc77 <98377878+hicccc77@users.noreply.github.com>
Date: Fri, 27 Mar 2026 19:12:31 +0800
Subject: [PATCH] ci: add security-events write permission for CodeQL

---
 .github/workflows/security-scan.yml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 6e358c1..82c328c 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -5,6 +5,11 @@ on:
     - cron: '0 2 * * *'  # 每天 UTC 02:00（北京时间 10:00）
   workflow_dispatch:     # 支持手动触发
 
+permissions:
+  contents: read
+  security-events: write
+  actions: read
+
 jobs:
   security-scan:
     name: Security Scan (${{ matrix.branch }})