<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/69736>69736</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            Add minimal permissions to new workflow, and suggest Scorecard Action
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            new issue
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          diogoteles08
      </td>
    </tr>
</table>

<pre>
    Hi! I'm Diogo and I work at the same Google team as Joyce, who created the issue #60750.

I see that most of your GitHub workflows have minimal permissions correctly defined (as Joyce suggested on #60750), but the newly created workflow [libcxx-check-generated-files.yml](https://github.com/llvm/llvm-project/blob/main/.github/workflows/libcxx-check-generated-files.yml) is missing it. As it's a simple change, I'll take the liberty and submit a PR right away adding it.

Additionally, I'll suggest that you consider using the [OpenSSF Scorecard Action](https://github.com/ossf/scorecard-action), a tool that automatically evaluates the project's security posture and provide possible improvements directly at your [Security Panel](https://github.com/llvm/llvm-project/security). It's the tool that Joyce and I have used to spot the improvements suggested on our issues, and it'd be specially helpful to ensure you don't regress on the security measures you have already adopted =). Let me know if you have interest and I'd be happy to raise another PR installing it for you.

Thanks!
</pre>
<img width="1px" height="1px" alt="" src="http://email.email.llvm.org/o/eJycVF9vpDYQ_zTel1FWYMKy-8DDphF3qSr11PQLDHgAN8ZGHpM9vn1lE5JLVenUviQSO575_ZtBZj1YolqUD6J8POASRudrpd3gAhni7HxonVrrr1rIHJ6ErCZ4jL8CWgVPcHP-BTBAGAkYJ4Ivzg2GIBBOgAy_urUjIX-B2-ig84SBVCrWzAuBkMUpq8rsKLJHkV23v0_ARBBGDDA5DuB6WN3i4YsOX5c2jeyNuzGM-EowaasnNDCTnzSzdpahc95TF8wKinptSYGQ5x0N8DIMxBGIs-8IhLxEmO2ycbF0M-s74H0kiPLB6Lb7_v2uG6l7uRvIko8ld702xMd1MqJ8FPI8hjCzKK5CNkI2gw7j0h47NwnZGPO6_7ubvfuLuiBk0xrXCtlMqK2QzXF7IWTzzjY--dloeQHNkGSwA-hwhCuDDkJWDAisp9kQdCPaIXkS7TQGAr5QIm10Sz6syVpe2kkHQPj2B3g9jAHwhiugUm-tf3TsqpQO2lk0Zv2h8ZvQm5WrW6BzlrUiD0sCGGeK8uH3mezzcwPPnfPUoVdw7WK3nyrpmHshG97f3eH2brMSIThntuG4BDdh0F1ECPSKZsFAnBC8e1AxMHWL12GF2XFYPCUpZu9etaL4jXVrCPQUP9FENjAo_Ra1jaOPjJ73Nt_Q0v9NxI5FyMsRnjZ8Ee8Hqy3O2yKmXVg4bpcDnt0W409IP-U-Ik07yEkrq7acKGgJeKZOJ6VGMnO_mNiTLEdBoo0qalwF8DR4Yo7t0v7vrCfCWMupOAFD4wlVjI-bIwBRPCZav1GAieDFuhvo_qNe20A-RieR23GNOM9rxOJRcyTuwkg-JlRbDmjMFk3onY-tPkX0zxHtCwuZH1RdqEtxwQPV-elSnfPzqTwfxjovT32W9WVRnIi6-6y_7zGjvOzLou_LKj_oWmayyDOZ5ae8Ks7HQsq2agssC9X2RdaK-4wm1OYYnTw6PxySwvXpUhWng8GWDKdLK6Wl2ya_kDIeXl8n99tlYHGfGc2BP7oEHQzVV6X-9dgFF6_V-43a7dyX759bdVi8qf9zGPeoNInL3wEAAP__XxceEA">