diff --git a/.github/workflows/codebreaker-azure.yml b/.github/workflows/codebreaker-azure.yml
index 18e2a65..f71a026 100644
--- a/.github/workflows/codebreaker-azure.yml
+++ b/.github/workflows/codebreaker-azure.yml
@@ -72,6 +72,9 @@ jobs:
 set-staging-environmentvariables:
 runs-on: ubuntu-latest
 needs: [deploy-test]
+ permissions:
+ id-token: write
+ contents: read
 steps:
 - name: Azure Login
 uses: azure/login@v2
diff --git a/.github/workflows/codebreaker-lib-analyzers-stable.yml b/.github/workflows/codebreaker-lib-analyzers-stable.yml
index 4fd8207..565473b 100644
--- a/.github/workflows/codebreaker-lib-analyzers-stable.yml
+++ b/.github/workflows/codebreaker-lib-analyzers-stable.yml
@@ -5,6 +5,9 @@ on:
 # Allow manually trigger
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 build:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/codebreaker-lib-analyzers.yml b/.github/workflows/codebreaker-lib-analyzers.yml
index 76deb3d..092ca53 100644
--- a/.github/workflows/codebreaker-lib-analyzers.yml
+++ b/.github/workflows/codebreaker-lib-analyzers.yml
@@ -13,6 +13,9 @@ on:
 # Allow manually trigger
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 build:
 uses: CodebreakerApp/Codebreaker.Backend/.github/workflows/createnuget-withbuildnumber.yml@main
diff --git a/.github/workflows/codebreaker-lib-backendmodels-stable.yml b/.github/workflows/codebreaker-lib-backendmodels-stable.yml
index 9da1cf7..e346e64 100644
--- a/.github/workflows/codebreaker-lib-backendmodels-stable.yml
+++ b/.github/workflows/codebreaker-lib-backendmodels-stable.yml
@@ -5,6 +5,9 @@ on:
 # Allow manually trigger
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 build:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/codebreaker-lib-backendmodels.yml b/.github/workflows/codebreaker-lib-backendmodels.yml
index acee1d7..4c1cfcc 100644
--- a/.github/workflows/codebreaker-lib-backendmodels.yml
+++ b/.github/workflows/codebreaker-lib-backendmodels.yml
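Review bot: The `id-token: write` grant added to `set-staging-environmentvariables` in `codebreaker-azure.yml` lets every step of that job request an OIDC token, and the first visible step, `azure/login@v2`, is referenced by a mutable tag; pinning it to a full commit SHA (`uses: azure/login@<full-commit-sha> # v2`) keeps the token-minting job on reviewed code. This file is also the only one in the commit that gets no workflow-level `permissions:` block, so any other job in it that does not declare its own (`deploy-test` is not visible here) would presumably keep the repository default; a top-level `permissions: contents: read` would close that gap. A one-line comment such as `# id-token: write is needed for OIDC federation in azure/login` would record why the scope is there. The job's step list continues outside the hunk.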
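Review bot: In `codebreaker-lib-analyzers.yml` the new workflow-level `permissions: contents: read` also caps the token of the called `createnuget-withbuildnumber.yml@main`, because a reusable workflow can only keep or narrow the caller's scopes; the same holds for the backendmodels, client, cosmos, postgresql and sqlserver callers changed in this commit. If any job reached through that call needs another scope (for example `packages: write`), it will now fail at run time, so one full run of a caller is worth checking before merge. The call uses the mutable `@main` ref; if the called file lives in this same repository, `uses: ./.github/workflows/createnuget-withbuildnumber.yml` would run the version from the triggering commit instead. The `build` job's `with:`/`secrets:` section is outside the hunk.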
@@ -13,6 +13,9 @@ on:
 # Allow manually trigger
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 build:
 uses: CodebreakerApp/Codebreaker.Backend/.github/workflows/createnuget-withbuildnumber.yml@main
diff --git a/.github/workflows/codebreaker-lib-client-stable.yml b/.github/workflows/codebreaker-lib-client-stable.yml
index f0b11e8..10ec8ac 100644
--- a/.github/workflows/codebreaker-lib-client-stable.yml
+++ b/.github/workflows/codebreaker-lib-client-stable.yml
@@ -5,6 +5,9 @@ on:
 # Allow manually trigger
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 build:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/codebreaker-lib-client.yml b/.github/workflows/codebreaker-lib-client.yml
index e152439..2c6ead2 100644
--- a/.github/workflows/codebreaker-lib-client.yml
+++ b/.github/workflows/codebreaker-lib-client.yml
@@ -13,6 +13,9 @@ on:
 # Allow manually trigger
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 build:
 uses: CodebreakerApp/Codebreaker.Backend/.github/workflows/createnuget-withbuildnumber.yml@main
diff --git a/.github/workflows/codebreaker-lib-cosmos-stable.yml b/.github/workflows/codebreaker-lib-cosmos-stable.yml
index 07eab66..f48f63d 100644
--- a/.github/workflows/codebreaker-lib-cosmos-stable.yml
+++ b/.github/workflows/codebreaker-lib-cosmos-stable.yml
@@ -5,6 +5,9 @@ on:
 # Allow manually trigger
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 build:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/codebreaker-lib-cosmos.yml b/.github/workflows/codebreaker-lib-cosmos.yml
index 67564c8..3722b02 100644
--- a/.github/workflows/codebreaker-lib-cosmos.yml
+++ b/.github/workflows/codebreaker-lib-cosmos.yml
@@ -13,6 +13,9 @@ on:
 # Allow manually trigger
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 build:
 uses: CodebreakerApp/Codebreaker.Backend/.github/workflows/createnuget-withbuildnumber.yml@main
diff --git a/.github/workflows/codebreaker-lib-postgresql.yml b/.github/workflows/codebreaker-lib-postgresql.yml
index 8db5a75..d3665d2 100644
--- a/.github/workflows/codebreaker-lib-postgresql.yml
+++ b/.github/workflows/codebreaker-lib-postgresql.yml
@@ -12,6 +12,9 @@ on:
 # Allow manually trigger
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 build:
 uses: CodebreakerApp/Codebreaker.Backend/.github/workflows/createnuget-withbuildnumber.yml@main
diff --git a/.github/workflows/codebreaker-lib-sqlserver-stable.yml b/.github/workflows/codebreaker-lib-sqlserver-stable.yml
index c3ae575..79ac9eb 100644
--- a/.github/workflows/codebreaker-lib-sqlserver-stable.yml
+++ b/.github/workflows/codebreaker-lib-sqlserver-stable.yml
@@ -5,6 +5,9 @@ on:
 # Allow manually trigger
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 build:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/codebreaker-lib-sqlserver.yml b/.github/workflows/codebreaker-lib-sqlserver.yml
index daeb24f..1893a7f 100644
--- a/.github/workflows/codebreaker-lib-sqlserver.yml
+++ b/.github/workflows/codebreaker-lib-sqlserver.yml
@@ -12,6 +12,9 @@ on:
 # Allow manually trigger
 workflow_dispatch:
+permissions:
+ contents: read
+
 jobs:
 build:
 uses: CodebreakerApp/Codebreaker.Backend/.github/workflows/createnuget-withbuildnumber.yml@main
diff --git a/.github/workflows/copilot-setup-steps.yml b/.github/workflows/copilot-setup-steps.yml
index 5c5fb19..076a647 100644
--- a/.github/workflows/copilot-setup-steps.yml
+++ b/.github/workflows/copilot-setup-steps.yml
@@ -4,11 +4,12 @@ name: Copilot Setup Steps on: workflow_dispatch
+permissions:
+ contents: read
+
 jobs:
 copilot-setup-steps:
 runs-on: ubuntu-latest
- permissions:
- contents: read
 steps:
 - name: Checkout code
 uses: actions/checkout@v5
diff --git a/.github/workflows/createnuget-withbuildnumber.yml b/.github/workflows/createnuget-withbuildnumber.yml
index 1ccf4c2..d6d7c54 100644
--- a/.github/workflows/createnuget-withbuildnumber.yml
+++ b/.github/workflows/createnuget-withbuildnumber.yml
@@ -40,6 +40,9 @@ on:
 required: false
 type: string
+permissions:
+ contents: read
+
 jobs:
 build:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/publishnuget-azuredevops.yml b/.github/workflows/publishnuget-azuredevops.yml
index 4a0dbf3..9e54aaa 100644
--- a/.github/workflows/publishnuget-azuredevops.yml
+++ b/.github/workflows/publishnuget-azuredevops.yml
@@ -10,6 +10,9 @@ on:
 DEVOPSARTIFACT_PAT:
 required: true
+permissions:
+ contents: read
+
 jobs:
 publish:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/publishnuget-nugetserver.yml b/.github/workflows/publishnuget-nugetserver.yml
index ed178eb..fb612c1 100644
--- a/.github/workflows/publishnuget-nugetserver.yml
+++ b/.github/workflows/publishnuget-nugetserver.yml
@@ -10,6 +10,9 @@ on:
 NUGETAPIKEY:
 required: true
+permissions:
+ contents: read
+
 jobs:
 publish:
 runs-on: ubuntu-latest