From 6cbeaf33c29c0998e5effd6e66e4ecc0d4ad1fb6 Mon Sep 17 00:00:00 2001
From: Harvester57 <florian.stosse@gmail.com>
Date: Sat, 30 Aug 2025 15:09:41 +0200
Subject: [PATCH] Add permission to upload to dependency graph

---
 .github/workflows/build-and-test.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml
index 09ba7e7..3458e80 100644
--- a/.github/workflows/build-and-test.yaml
+++ b/.github/workflows/build-and-test.yaml
@@ -216,7 +216,7 @@ jobs:
     needs: deploy
     permissions:
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+      contents: write # for sbom-action artifact uploads
     runs-on: ubuntu-latest
     steps:
       -