From 4e7295776a4d0830c3f193b2fed805083cd5c6dc Mon Sep 17 00:00:00 2001 From: arpitjain099 Date: Wed, 13 May 2026 11:38:17 +0000 Subject: [PATCH] ci(validate): pin contents: read The landscape.yml validation workflow only runs cncf/landscape2-validate-action against the checkout; no API writes. Signed-off-by: arpitjain099 --- .github/workflows/validate.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index 6547f36bc45..7a6cf96372a 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -7,6 +7,9 @@ on: - main - master +permissions: + contents: read + jobs: validate-landscape: runs-on: ubuntu-latest