From 38f730cdce6943042be7dc40445bacab8f269626 Mon Sep 17 00:00:00 2001
From: Salman Muin Kayser Chishti
Date: Wed, 15 Apr 2026 02:40:02 +0000
Subject: [PATCH] Add vulnerability-alerts permission to workflow schema

Add vulnerability-alerts as a new read-only permission key in the permissions-mapping. This permission allows workflows to read Dependabot alerts via GITHUB_TOKEN. Uses permission-level-read-or-no-access type (read and none only). Updated security-events description to reflect it covers code scanning alerts only.
---
 workflow-parser/src/workflow-v1.0.json | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/workflow-parser/src/workflow-v1.0.json b/workflow-parser/src/workflow-v1.0.json
index f514407f..8a4ecc61 100644
--- a/workflow-parser/src/workflow-v1.0.json
+++ b/workflow-parser/src/workflow-v1.0.json
@@ -1644,11 +1644,15 @@
 },
 "security-events": {
 "type": "permission-level-any",
- "description": "Code scanning and Dependabot alerts."
+ "description": "Code scanning alerts."
 },
 "statuses": {
 "type": "permission-level-any",
 "description": "Commit statuses."
+ },
+ "vulnerability-alerts": {
+ "type": "permission-level-read-or-no-access",
+ "description": "Dependabot alerts."
 }
 }
 }
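Review bot: The narrowed `security-events` description no longer tells a workflow author where Dependabot alert access went, so someone who granted `security-events` for that purpose gets no hint to switch and may leave the broader read/write scope in place; consider `"description": "Code scanning alerts. Dependabot alerts use vulnerability-alerts."`. The new `vulnerability-alerts` entry relies on the `permission-level-read-or-no-access` type, which this patch does not define (one file, five insertions), so it is presumably already declared elsewhere in the schema; that is worth confirming, together with a parser test that `vulnerability-alerts: write` is rejected. The new description could state the restriction as well, e.g. `"description": "Dependabot alerts. Only read and none are valid."`. The enclosing permissions-mapping object starts outside the hunk.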