diff --git a/Makefile b/Makefile
index d649a01dcc..751c79fd27 100644
--- a/Makefile
+++ b/Makefile
@@ -472,13 +472,13 @@ download-github-actions-schema:
 # This must be run after download-github-actions-schema to preserve local additions.
 .PHONY: patch-github-actions-schema
 patch-github-actions-schema:
- @echo "Patching GitHub Actions schema with copilot-requests permission..."
+ @echo "Patching GitHub Actions schema with custom permissions..."
 @tmpfile=$$(mktemp) && \
- jq '.definitions["permissions-event"].properties["copilot-requests"] = {"type": "string", "enum": ["write", "none"]}' \
+ jq '.definitions["permissions-event"].properties += {"copilot-requests": {"type": "string", "enum": ["write", "none"]}, "vulnerability-alerts": {"type": "string", "enum": ["read", "none"]}}' \
 pkg/workflow/schemas/github-workflow.json > "$$tmpfile" && \
 mv "$$tmpfile" pkg/workflow/schemas/github-workflow.json
 @cd actions/setup/js && npm run format:schema >/dev/null 2>&1
- @echo "✓ Patched GitHub Actions schema with copilot-requests permission"
+ @echo "✓ Patched GitHub Actions schema with custom permissions"
 
 # Run linter (full repository scan)
 .PHONY: golint
diff --git a/pkg/workflow/schema_validation_test.go b/pkg/workflow/schema_validation_test.go
index b6ff913d53..27946f8407 100644
--- a/pkg/workflow/schema_validation_test.go
+++ b/pkg/workflow/schema_validation_test.go
@@ -210,6 +210,21 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - run: echo hello
+`,
+ expectError: false,
+ },
+ {
+ name: "vulnerability-alerts permission in job permissions passes",
+ yamlContent: `
+name: Test
+on: push
+jobs:
+ test:
+ permissions:
+ vulnerability-alerts: read
+ runs-on: ubuntu-latest
+ steps:
+ - run: echo hello
 `,
 expectError: false,
 },
diff --git a/pkg/workflow/schemas/github-workflow.json b/pkg/workflow/schemas/github-workflow.json
index e3437f83ba..c2f1f43220 100644
--- a/pkg/workflow/schemas/github-workflow.json
+++ b/pkg/workflow/schemas/github-workflow.json
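Review bot: The new jq `+=` line silently lets the local definitions win over upstream ones: jq's object `+` takes the right-hand value for a duplicated key, so if the downloaded schema ever ships its own `copilot-requests` or `vulnerability-alerts` entry the patch replaces it with the local enum and nothing in the recipe reports that. Since this schema is what decides which permission grants a workflow may declare, that override deserves a comment on the recipe, e.g. `# jq object += overrides upstream keys of the same name; re-check these enums if upstream starts shipping them`. The new summary message also no longer says what was added, so a CI log reader cannot tell what the schema now accepts; `@echo "✓ Patched GitHub Actions schema with copilot-requests and vulnerability-alerts permissions"` keeps it self-explanatory. The same two definitions are hand-edited into pkg/workflow/schemas/github-workflow.json in the last hunk, so the enum values now live in two places that have to be kept in step.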
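Review bot: The new table entry only checks that `vulnerability-alerts: read` is accepted; nothing exercises the restrictive side of the enum, so a schema that accidentally accepted `write` (or any string) for this permission would still pass. Since the purpose of the enum is to reject grants that are not allowed, a companion case with `vulnerability-alerts: write` and `expectError: true` pins that behaviour, assuming the validator surfaces enum violations as errors the way the table's other failing cases presumably expect. A workflow-level `permissions:` case would also be worth adding if the `permissions-event` definition is shared between workflow and job scope, which this hunk does not show. The enclosing test function starts before and ends after this hunk.
```go
// … unchanged: existing table entries …
{
	name: "vulnerability-alerts permission with write value fails",
	yamlContent: `
name: Test
on: push
jobs:
  test:
    permissions:
      vulnerability-alerts: write
    runs-on: ubuntu-latest
    steps:
      - run: echo hello
`,
	expectError: true,
},
```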
@@ -281,6 +281,10 @@
 "copilot-requests": {
 "type": "string",
 "enum": ["write", "none"]
+ },
+ "vulnerability-alerts": {
+ "type": "string",
+ "enum": ["read", "none"]
 }
 }
 },
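Review bot: The added `vulnerability-alerts` entry allows only `read` and `none`, narrower than the neighbouring `copilot-requests` (`write`/`none`), and nothing in the file records where those values come from or that the entry is a local addition that `download-github-actions-schema` will drop until `patch-github-actions-schema` re-applies it. A `"$comment"` property beside `"type"` would carry that (the keyword exists from JSON Schema draft-07 onward; confirm the draft this file declares), e.g. `"$comment": "local addition, re-applied by make patch-github-actions-schema; allowed values to be confirmed against GitHub's permissions documentation"`. If GitHub accepts further values for this permission, the enum will reject valid workflows, so the source of the value list is worth pinning in the file itself.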