From a94b1aa628ec92dbe8b74fe3fc6bd7436c2f1d76 Mon Sep 17 00:00:00 2001
From: johndoe6345789 <john.doe6345789@gmail.com>
Date: Sat, 17 Jan 2026 13:16:26 +0000
Subject: [PATCH] Generated by Spark: Run github/codeql-action/upload-sarif@v3
 Warning: CodeQL Action v3 will be deprecated in December 2026. Please update
 all occurrences of the CodeQL Action in your workflow files to v4. For more
 information, see
 https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
 Warning: This run of the CodeQL Action does not have permission to access the
 CodeQL Action API endpoints. This could be because the Action is running on a
 pull request from a fork. If not, please ensure the workflow has at least the
 'security-events: read' permission. Details: Resource not accessible by
 integration - https://docs.github.com/rest Post-processing sarif files:
 ["trivy-results.sarif"] Validating trivy-results.sarif Adding fingerprints to
 SARIF file. See
 https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs
 for more information. Uploading code scanning results   Uploading results  
 Warning: Resource not accessible by integration -
 https://docs.github.com/rest   Error: Resource not accessible by integration
 - https://docs.github.com/rest   Warning: This run of the CodeQL Action does
 not have permission to access the CodeQL Action API endpoints. This could be
 because the Action is running on a pull request from a fork. If not, please
 ensure the workflow has at least the 'security-events: read' permission.
 Details: Resource not accessible by integration -
 https://docs.github.com/rest

---
 .github/workflows/ci.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 80e0e62..07073b7 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -140,6 +140,10 @@ jobs:
   security-scan:
     name: Security Scan
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+      actions: read
     steps:
       - uses: actions/checkout@v4
 
@@ -155,7 +159,7 @@ jobs:
           output: 'trivy-results.sarif'
 
       - name: Upload Trivy results to GitHub Security
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         if: always()
         with:
           sarif_file: 'trivy-results.sarif'