Fix deploy workflow permissions for docker-scout job

[barne856]

No description provided.

[github-actions]

🔍 SonarQube Analysis Results

Summary:

• 🐛 Bugs: 1
• 🔒 Vulnerabilities: 0
• 🧹 Code Smells: 33
• 📊 Total Issues: 34

📋 Detailed Reports Available

📥 Download Full Report - Click "Artifacts" section

The detailed report includes:

• Complete breakdown by severity and type
• Specific file locations and line numbers
• Rule descriptions and fix suggestions
• CSV format for spreadsheet analysis
• Raw JSON data for custom processing

💡 Review the workflow summary for metrics and download the artifact for complete details.

[github-actions]

🔍 Vulnerabilities of ghcr.io/fema-ffrd/stormlit:latest

📦 Image Reference ghcr.io/fema-ffrd/stormlit:latest

digest	sha256:ce0d128f4588aecdaa51ad94cdd2a1e1be9ea33796753d01389868c6ad5740a3
vulnerabilities
platform	linux/amd64
size	908 MB
packages	400

📦 Base Image debian:12-slim

also known as	12.9-slim bookworm-20250203-slim bookworm-slim
digest	sha256:44bccdd61bf09a081b1db8c61cf49bfabf30ac7afcc970010137c0ab587b209c
vulnerabilities

glibc 2.36-9+deb12u9 (deb) pkg:deb/debian/glibc@2.36-9%2Bdeb12u9?os_distro=bookworm&os_name=debian&os_version=12 # Dockerfile (1:20) FROM mambaorg/micromamba:2.0.5 AS builder WORKDIR /app USER root RUN apt-get update && apt-get install build-essential -y \ && apt-get clean USER mambauser COPY env.yml env.yml RUN micromamba install -y -n base -f env.yml && \ micromamba clean --all --yes COPY src src COPY src/main.py src/main.py COPY .streamlit .streamlit FROM mambaorg/micromamba:2.0.5 Affected range <2.36-9+deb12u10 Fixed version 2.36-9+deb12u10 EPSS Score 0.219% EPSS Percentile 45th percentile Description When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. glibc 2.40-6 [bookworm] - glibc 2.36-9+deb12u10 https://sourceware.org/bugzilla/show_bug.cgi?id=32582 https://www.openwall.com/lists/oss-security/2025/01/22/4 Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7d4b6bcae91f29d7b4daf15bab06b66cf1d2217c (2.40-branch) Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=7971add7ee4171fdd8dfd17e7c04c4ed77a18845 (2.36-branch) https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2025-0001 https://sourceware.org/pipermail/libc-announce/2025/000044.html

pam 1.5.2-6+deb12u1 (deb) pkg:deb/debian/pam@1.5.2-6%2Bdeb12u1?os_distro=bookworm&os_name=debian&os_version=12 # Dockerfile (1:20) FROM mambaorg/micromamba:2.0.5 AS builder WORKDIR /app USER root RUN apt-get update && apt-get install build-essential -y \ && apt-get clean USER mambauser COPY env.yml env.yml RUN micromamba install -y -n base -f env.yml && \ micromamba clean --all --yes COPY src src COPY src/main.py src/main.py COPY .streamlit .streamlit FROM mambaorg/micromamba:2.0.5 Affected range >=1.5.2-6+deb12u1 Fixed version Not Fixed Description A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions. pam (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107919) https://www.openwall.com/lists/oss-security/2025/06/17/1 GHSA-f9p8-gjr4-j9gx Fixed by: linux-pam/linux-pam@475bd60 (v1.7.1) Fixed by: linux-pam/linux-pam@592d84e (v1.7.1) Fixed by: linux-pam/linux-pam@976c200 (v1.7.1)