
When Your Workplace Controls Your Personal GitHub Repos: Understanding GitHub Org Policies
I was hardening this blog’s GitHub repository as part of a security series — adding CodeQL static analysis, Dependabot, and secret scanning. Everything went smoothly until I tried to run CodeQL in a workflow against my personal, private repository. The workflow ran. The analysis completed. And then it failed with this:

    Warning: This run of the CodeQL Action does not have permission to access the CodeQL Action API endpoints.
    Code scanning is not enabled for this repository.

The repository settings showed Code Scanning as available. The workflow had security-events: write. The YAML was valid. The workflow was not running from a fork. Nothing obvious was wrong. ...
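For reference, a minimal CodeQL workflow of the kind described above, added here as an illustration rather than the blog's own workflow, with the permissions the run needs spelled out; the analysed language and branch name are assumptions:

```yaml
# Added example: minimal CodeQL workflow for a private repository.
# Assumptions: the project is JavaScript and the default branch is "main".
name: CodeQL

on:
  push:
    branches: [ main ]
  pull_request:
    branches: [ main ]

permissions:
  contents: read          # check out the source
  actions: read           # required for CodeQL only in private repositories
  security-events: write  # upload SARIF results to code scanning

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: javascript   # assumed language
      - uses: github/codeql-action/analyze@v3
```

Correct permissions are necessary but not sufficient: if code scanning is not actually enabled for the repository, the upload step still fails with the warning quoted above.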