### OpenSSF Scorecard finding: Token Permissions docker.yaml has job-level permissions but no workflow-level default. Add permissions: read-all at the top (jobs already override what they need), consistent with the other workflows. ### Ressources - https://github.com/ossf/scorecard/blob/c22063e786c11f9dd714d777a687ff7c4599b600/docs/checks.md#token-permissions
OpenSSF Scorecard finding: Token Permissions
docker.yaml has job-level permissions but no workflow-level default.
Add permissions: read-all at the top (jobs already override what they need), consistent with the other workflows.
Ressources