From 8b9656717b4356732096d2e9a40f2d31f771a04a Mon Sep 17 00:00:00 2001
From: Changming Sun <chasun@microsoft.com>
Date: Wed, 19 Jun 2024 14:44:39 -0700
Subject: [PATCH] Fix a perm issue in Windows Static Analysis pipeline (#21100)

### Description
Due to a security setting change, now we need to explicitly set the
permissions. I forgot doing that when bringing the old change back.

### Motivation and Context
Now the pipeline cannot publish scanning result to Github
---
 .github/workflows/sca.yml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/.github/workflows/sca.yml b/.github/workflows/sca.yml
index eb35f6a814..0867d4c343 100644
--- a/.github/workflows/sca.yml
+++ b/.github/workflows/sca.yml
@@ -16,6 +16,8 @@ env:
 
 jobs:
   Onnxruntime-SCA-training-CUDA:
+    permissions:
+      security-events: write
     runs-on: ["self-hosted", "1ES.Pool=onnxruntime-github-vs2022-mms"]
     steps:
       - uses: actions/checkout@v4
@@ -57,6 +59,8 @@ jobs:
 
   # No python
   Onnxruntime-SCA-win32-WINML-x64:
+    permissions:
+      security-events: write
     runs-on: ["self-hosted", "1ES.Pool=onnxruntime-github-vs2022-mms"]
     steps:
       - uses: actions/checkout@v4
@@ -95,6 +99,8 @@ jobs:
 
   # No java, No python
   Onnxruntime-SCA-win32-WINML-x86:
+    permissions:
+      security-events: write
     runs-on: ["self-hosted", "1ES.Pool=onnxruntime-github-vs2022-mms"]
     steps:
       - uses: actions/checkout@v4