From a68a94aee73daeeab0d2ba06dddded3a87180f9e Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Tue, 27 Jan 2026 14:53:58 +0100
Subject: [PATCH 1/2] ci(actions): Satisfy zizmor and show that we trust
 ourselves

Signed-off-by: Joas Schilling <coding@schilljs.com>

From 900ed566659116c9391faef98264090f65e67d3c Mon Sep 17 00:00:00 2001
From: Joas Schilling <coding@schilljs.com>
Date: Tue, 27 Jan 2026 14:56:50 +0100
Subject: [PATCH 2/2] ci(action): Assign permission as low as possible

Signed-off-by: Joas Schilling <coding@schilljs.com>
---
 .github/workflows/static-code-analysis.yml | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/.github/workflows/static-code-analysis.yml b/.github/workflows/static-code-analysis.yml
index 63aa86d34e4d8..7ecc62011362d 100644
--- a/.github/workflows/static-code-analysis.yml
+++ b/.github/workflows/static-code-analysis.yml
@@ -57,6 +57,9 @@ jobs:
 
     if: ${{ github.repository_owner != 'nextcloud-gmbh' }}
 
+    permissions:
+      security-events: write
+
     steps:
       - name: Checkout code
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683