--- a/.github/workflows/codeql-analysis.yml	Mon Jan 23 21:11:39 2023 -0500
+++ b/.github/workflows/codeql-analysis.yml	Mon Jan 23 21:21:38 2023 -0500
@@ -21,19 +21,22 @@
   schedule:
     - cron: '28 17 * * 1'
 
+permissions:
+  contents: read
+
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-permissions:
-  contents: read
-  security-events: write
-
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
 
+    permissions:
+      contents: read
+      security-events: write
+
     strategy:
       fail-fast: false
       matrix: