From ee1b89e1f8175168641d02d72b058e30e0442bf9 Mon Sep 17 00:00:00 2001
From: Thomas Pedley <115152253+ThomasPedleyNHS@users.noreply.github.com>
Date: Fri, 8 May 2026 15:16:30 +0100
Subject: [PATCH 1/2] NHSO-0000: Potential fix for code scanning alert no. 4:
 Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/continuous-integration.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index c57a46d..4e4f887 100644
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@@ -1,6 +1,8 @@
 name: Build
 
 on: push
+permissions:
+  contents: write
 
 jobs:
   build:

From 2c137ba089c17d89fb2a076315a58a28b063382f Mon Sep 17 00:00:00 2001
From: Thomas Pedley <115152253+ThomasPedleyNHS@users.noreply.github.com>
Date: Fri, 8 May 2026 15:19:24 +0100
Subject: [PATCH 2/2] NHSO-0000: Potential fix for code scanning alert no. 3:
 Workflow does not contain permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .github/workflows/pr-lint.yaml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/pr-lint.yaml b/.github/workflows/pr-lint.yaml
index 204bc2e..3f3644d 100644
--- a/.github/workflows/pr-lint.yaml
+++ b/.github/workflows/pr-lint.yaml
@@ -1,5 +1,8 @@
 name: PR Quality Check
 on: pull_request
+permissions:
+  contents: read
+  pull-requests: write
 jobs:
   link-ticket:
     runs-on: ubuntu-latest