From 20ec174fcb8323913db119d007f24def04336c67 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 15 Mar 2026 12:55:25 +0000
Subject: [PATCH 1/2] Initial plan


From 698ce307c4ed72224d9142f874c2a64fc472b615 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Sun, 15 Mar 2026 13:09:16 +0000
Subject: [PATCH 2/2] Fix: add required permissions to security-alert-burndown
 campaign workflow

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
 .../workflows/security-alert-burndown.campaign.g.lock.yml   | 6 +++++-
 .github/workflows/security-alert-burndown.campaign.g.md     | 6 ++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/security-alert-burndown.campaign.g.lock.yml b/.github/workflows/security-alert-burndown.campaign.g.lock.yml
index a193dcd7f58..a39560dcb43 100644
--- a/.github/workflows/security-alert-burndown.campaign.g.lock.yml
+++ b/.github/workflows/security-alert-burndown.campaign.g.lock.yml
@@ -23,7 +23,7 @@
 #
 # Orchestrator workflow for campaign 'security-alert-burndown'
 #
-# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"4cabee9e7e0a3b1a2f3c07dce2b2a763a9e8aeadbb3e8228389b45f8255ac805","strict":true}
+# gh-aw-metadata: {"schema_version":"v2","frontmatter_hash":"95c604b0da56636c5697a678a5a3be8ec94c72422e416485321e10fa43001f3e","strict":true}
 
 name: "Security Alert Burndown"
 "on":
@@ -244,7 +244,11 @@ jobs:
     needs: activation
     runs-on: ubuntu-latest
     permissions:
+      actions: read
       contents: read
+      issues: read
+      pull-requests: read
+      security-events: read
     concurrency:
       group: "gh-aw-claude-${{ github.workflow }}"
     env:
diff --git a/.github/workflows/security-alert-burndown.campaign.g.md b/.github/workflows/security-alert-burndown.campaign.g.md
index d9ae3e084f6..e4c81696609 100644
--- a/.github/workflows/security-alert-burndown.campaign.g.md
+++ b/.github/workflows/security-alert-burndown.campaign.g.md
@@ -25,6 +25,12 @@ safe-outputs:
     max: 10
     project: "https://github.com/orgs/githubnext/projects/122"
 runs-on: ubuntu-latest
+permissions:
+  actions: read
+  contents: read
+  issues: read
+  pull-requests: read
+  security-events: read
 tools:
   bash:
   - "*"