diff --git a/.github/workflows/build_scan_container.yml b/.github/workflows/build_scan_container.yml index 631cc85..b665324 100644 --- a/.github/workflows/build_scan_container.yml +++ b/.github/workflows/build_scan_container.yml @@ -12,6 +12,11 @@ on: branches: # - '*' +permissions: + contents: read + id-token: write + actions: write # For uploading artifacts + jobs: build: name: Build docker image diff --git a/.github/workflows/example_display_findings.yml b/.github/workflows/example_display_findings.yml index b31c008..30bdcb5 100644 --- a/.github/workflows/example_display_findings.yml +++ b/.github/workflows/example_display_findings.yml @@ -8,6 +8,10 @@ on: branches: # - '*' +permissions: + contents: read + id-token: write + jobs: daily_job: runs-on: ubuntu-latest diff --git a/.github/workflows/run_unit_tests.yml b/.github/workflows/run_unit_tests.yml index 454e94a..2c1e0f2 100644 --- a/.github/workflows/run_unit_tests.yml +++ b/.github/workflows/run_unit_tests.yml @@ -7,6 +7,10 @@ on: branches: # - '*' +permissions: + contents: read + id-token: write + jobs: build: runs-on: ubuntu-latest diff --git a/.github/workflows/scan_repo_with_semgrep.yml b/.github/workflows/scan_repo_with_semgrep.yml index 91dcae6..1d2e8a5 100644 --- a/.github/workflows/scan_repo_with_semgrep.yml +++ b/.github/workflows/scan_repo_with_semgrep.yml @@ -2,6 +2,9 @@ name: Semgrep Scan on: [push] +permissions: + contents: read + jobs: semgrep: runs-on: ubuntu-latest diff --git a/.github/workflows/test_archive.yml b/.github/workflows/test_archive.yml index 77f792a..6814119 100644 --- a/.github/workflows/test_archive.yml +++ b/.github/workflows/test_archive.yml @@ -11,6 +11,10 @@ on: branches: # - '*' +permissions: + contents: read + id-token: write + jobs: daily_job: runs-on: ubuntu-latest diff --git a/.github/workflows/test_binary.yml b/.github/workflows/test_binary.yml index c58e930..c9c6539 100644 --- a/.github/workflows/test_binary.yml +++ b/.github/workflows/test_binary.yml 
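Review bot: The `actions: write # For uploading artifacts` line in the build_scan_container.yml hunk grants more than the comment justifies; as far as I know `actions/upload-artifact` does not need a write scope on `actions`, and that scope also lets any step cancel runs and delete artifacts or caches, so confirm against the action's documentation and drop the line if upload works without it. `id-token: write` placed at workflow level applies to every job in the file; if only one job exchanges an OIDC token, move the block under that job (`permissions:` beneath `build:`) and leave `contents: read` at the top. The `build` job whose steps would justify these scopes continues outside the hunk.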
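Review bot: `id-token: write` in the run_unit_tests.yml hunk looks unnecessary for a unit-test workflow; it is only needed when a step requests an OIDC token (for example to assume a cloud role), and granting it lets any step, including third-party actions, mint a token that every trust policy keyed on this repository or ref will accept. If no step here does that, the block should be just `permissions:` / `  contents: read`. The `build` job's steps are outside the hunk, so this is worth checking rather than assuming.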
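Review bot: The workflow-level `permissions:` with only `contents: read` in the scan_repo_with_semgrep.yml hunk sets every unlisted scope to none, so if the semgrep job uploads SARIF to code scanning or posts PR comments it will now fail with a 403. The job's steps are outside the hunk; confirm and add `security-events: write` (or `pull-requests: write`) only if a step actually needs it. Otherwise this is the right least-privilege default and the safest of the thirteen blocks in this commit.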
@@ -11,6 +11,10 @@ on: branches: # - '*' +permissions: + contents: read + id-token: write + jobs: daily_job: runs-on: ubuntu-latest diff --git a/.github/workflows/test_containers.yml b/.github/workflows/test_containers.yml index af4c211..d34a69a 100644 --- a/.github/workflows/test_containers.yml +++ b/.github/workflows/test_containers.yml @@ -11,6 +11,10 @@ on: branches: # - '*' +permissions: + contents: read + id-token: write + jobs: daily_job: runs-on: ubuntu-latest diff --git a/.github/workflows/test_dockerfile_vulns.yml b/.github/workflows/test_dockerfile_vulns.yml index d15d119..1bb3847 100644 --- a/.github/workflows/test_dockerfile_vulns.yml +++ b/.github/workflows/test_dockerfile_vulns.yml @@ -11,6 +11,10 @@ on: branches: # - '*' +permissions: + contents: read + id-token: write + jobs: daily_job: runs-on: ubuntu-latest diff --git a/.github/workflows/test_installation.yml b/.github/workflows/test_installation.yml index 32b1d0f..3800c74 100644 --- a/.github/workflows/test_installation.yml +++ b/.github/workflows/test_installation.yml @@ -11,6 +11,10 @@ on: branches: - '*' +permissions: + contents: read + id-token: write + jobs: daily_job: runs-on: ubuntu-latest diff --git a/.github/workflows/test_no_vulns.yml b/.github/workflows/test_no_vulns.yml index 9eebb2e..a2d3b83 100644 --- a/.github/workflows/test_no_vulns.yml +++ b/.github/workflows/test_no_vulns.yml @@ -7,6 +7,10 @@ on: branches: # - '*' +permissions: + contents: read + id-token: write + jobs: daily_job: runs-on: ubuntu-latest diff --git a/.github/workflows/test_reports_no_vulns.yml b/.github/workflows/test_reports_no_vulns.yml index f16fb28..bb2f61b 100644 --- a/.github/workflows/test_reports_no_vulns.yml +++ b/.github/workflows/test_reports_no_vulns.yml @@ -5,6 +5,10 @@ on: branches: # - '*' +permissions: + contents: read + id-token: write + jobs: daily_job: runs-on: ubuntu-latest diff --git a/.github/workflows/test_repository.yml b/.github/workflows/test_repository.yml index 6cbba9a..57fbb08 100644 
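Review bot: In the test_installation.yml hunk `id-token: write` is added to a workflow whose trigger is `branches: - '*'` (uncommented, unlike the sibling workflows), so a push to any branch can obtain an OIDC token; if the cloud-side trust policy only matches on the repository `sub` claim and not the `ref` or an environment, any branch can then assume the role. Either pin the trust condition on the provider side or scope `id-token: write` to the job that needs it rather than the whole workflow. The `daily_job` steps that would use the token are outside the hunk.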
--- a/.github/workflows/test_repository.yml +++ b/.github/workflows/test_repository.yml @@ -11,6 +11,10 @@ on: branches: # - '*' +permissions: + contents: read + id-token: write + jobs: daily_job: runs-on: ubuntu-latest diff --git a/.github/workflows/test_vuln_thresholds.yml b/.github/workflows/test_vuln_thresholds.yml index ab08c34..c8c64f7 100644 --- a/.github/workflows/test_vuln_thresholds.yml +++ b/.github/workflows/test_vuln_thresholds.yml @@ -10,6 +10,10 @@ on: branches: # - '*' +permissions: + contents: read + id-token: write + jobs: build: name: Build docker image
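Review bot: The `id-token: write` line in the test_vuln_thresholds.yml hunk, like the same line repeated across the other workflows in this commit, carries no indication of which step consumes the OIDC token, so a future reviewer cannot tell whether it is still needed. A short inline comment naming the consumer, e.g. `id-token: write  # OIDC: <step that assumes the cloud role>`, would make the grant auditable and easy to remove when that step goes away. The `build` job that presumably uses it continues outside the hunk, so I could not confirm the consumer here.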