From 53052b24a0fc8e4ca785bdba53234943a6e5dcef Mon Sep 17 00:00:00 2001
From: "stepsecurity-app[bot]"
 <188008098+stepsecurity-app[bot]@users.noreply.github.com>
Date: Fri, 6 Jun 2025 12:36:16 -0600
Subject: [PATCH] [StepSecurity] Apply security best practices (#473)

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: stepsecurity-app[bot] <188008098+stepsecurity-app[bot]@users.noreply.github.com>
---
 .github/workflows/check.yml       | 3 +++
 .github/workflows/release-plz.yml | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
index d189b2a..21ff4c5 100644
--- a/.github/workflows/check.yml
+++ b/.github/workflows/check.yml
@@ -6,6 +6,9 @@ on:
   merge_group:
     branches:
     - main
+permissions:
+  contents: read
+
 jobs:
   rustfmt:
     name: rustfmt
diff --git a/.github/workflows/release-plz.yml b/.github/workflows/release-plz.yml
index b0b1875..7a3500f 100644
--- a/.github/workflows/release-plz.yml
+++ b/.github/workflows/release-plz.yml
@@ -6,6 +6,9 @@ on:
 concurrency:
   group: "${{ github.workflow }}"
   cancel-in-progress: true
+permissions:
+  contents: read
+
 jobs:
   release-plz:
     name: release-plz