Feature: Enhance permissions for AquaSec scans and improve logging in GitHub project queries (#15)

miroslavpojer · web-flow · commit 57bec82eccb7 · 2026-03-20T11:48:09.000+01:00
* Feature: Enhance permissions for AquaSec scans and improve logging in GitHub project queries

* Fixed black.
diff --git a/.github/workflows/aquasec-scan.yml b/.github/workflows/aquasec-scan.yml
@@ -72,6 +72,7 @@ permissions:
   actions: read
   issues: write
   security-events: write
+  repository-projects: read
 
 jobs:
   aquasec-scan:
diff --git a/docs/security/example_workflows/aquasec-night-scan.yml b/docs/security/example_workflows/aquasec-night-scan.yml
@@ -35,6 +35,7 @@ permissions:
   actions: read
   issues: write
   security-events: write
+  repository-projects: read
 
 jobs:
   scan:
diff --git a/src/shared/github_projects.py b/src/shared/github_projects.py
@@ -96,14 +96,19 @@ def gh_project_get_priority_field(
       }
     }
     """
+    logging.debug(f"Querying ProjectV2 #{project_number} in org '{org}'")
     data = _run_graphql(query, {"org": org, "num": project_number})
     if data is None:
+        logging.warning(f"GraphQL query for project #{project_number} in org '{org}' failed.")
         _project_priority_cache[cache_key] = None
         return None
 
     project = (data.get("data") or {}).get("organization", {}).get("projectV2")
     if project is None:
-        logging.warning(f"Project #{project_number} not found in org {org}")
+        logging.warning(
+            f"Project #{project_number} not found in org '{org}'. "
+            "Verify the project exists, is a V2 project (not classic)."
+        )
         _project_priority_cache[cache_key] = None
         return None
 
