diff --git a/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml b/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml
new file mode 100644
index 000000000..f80322801
--- /dev/null
+++ b/knowledge-base/actions/artiomtr/jest-coverage-report-action/action-security.yml
@@ -0,0 +1,11 @@
+name: "jest coverage report "
+github-token:
+ action-input:
+ input: github-token
+ is-default: true
+ permissions:
+ pull-requests: read
+ pull-requests-reason: to check code coverage of pr
+ issues: write
+ issues-reason: to comment the codecoverage to pr
+ #Reference: https://github.com/ArtiomTr/jest-coverage-report-action/blob/e1023a86c8d1ba542bfaa9a18a9efe55ef494c8a/src/typings/Options.ts
diff --git a/knowledge-base/actions/codesee-io/codesee-map-action/action-security.yml b/knowledge-base/actions/codesee-io/codesee-map-action/action-security.yml
new file mode 100644
index 000000000..abf25aade
--- /dev/null
+++ b/knowledge-base/actions/codesee-io/codesee-map-action/action-security.yml
@@ -0,0 +1,2 @@
+name: "codesee-map-action"
+#Note: github token not used.
diff --git a/knowledge-base/actions/dbelyaev/action-checkstyle/action-security.yml b/knowledge-base/actions/dbelyaev/action-checkstyle/action-security.yml
new file mode 100644
index 000000000..6296eb81a
--- /dev/null
+++ b/knowledge-base/actions/dbelyaev/action-checkstyle/action-security.yml
@@ -0,0 +1,9 @@
+name: "Checkstyle for Java GitHub Action"
+github-token:
+ action-input:
+ input: github_token
+ is-default: true
+ permissions:
+ pull-requests: read
+ pull-requests-reason: to analyse the pull requests
+ #Reference: https://github.com/dbelyaev/action-checkstyle/blob/956b3848022aa1a3d74861d81f9d0b6853c17d36/README.md
diff --git a/knowledge-base/actions/dwenegar/upload-release-assets/action-security.yml b/knowledge-base/actions/dwenegar/upload-release-assets/action-security.yml
new file mode 100644
index 000000000..767a8b0f3
--- /dev/null
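Review bot: In the jest-coverage-report-action entry, `issues: write` is declared for posting the coverage comment on a pull request while `pull-requests` stays at `read`; as far as I know a workflow GITHUB_TOKEN needs `pull-requests: write` to comment on a PR, so a workflow restricted per this entry would likely fail to post while still carrying an issues write scope it may not need. The Reference points at a typings file (`Options.ts`), which does not show the API calls, so the scopes cannot be verified from it; if the action also publishes annotations it would need `checks: write` as well, which should be confirmed against the code that makes the calls. If confirmed, I would change the pair to `pull-requests: write` with `pull-requests-reason: to comment the coverage report on the PR` and drop `issues`. The MegaLinter entry later in this patch uses the same `pull-requests: read` plus `issues: write` pairing. The `name` value also carries a trailing space inside the quotes.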
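Review bot: In the codesee-map-action entry, `#Note: github token not used.` is the only evidence for an entry that is presumably read as "this action needs no token permissions", and unlike the other entries it carries no pinned Reference. A comment such as `#Reference: <link to the action's action.yml at a pinned commit>` would let a later reader re-check the claim when the action changes. The same applies to the sonarqube-scan-action entry at the end of this patch.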
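Review bot: The action-checkstyle entry grants only `pull-requests: read` and no write scope for reporting results. As far as I know this action is reviewdog-based, and its reporter modes publish either check annotations or PR review comments, which would need `checks: write` or `pull-requests: write`; if so, a workflow restricted per this entry loses its output. Suggest verifying against the README at the referenced commit and, if confirmed, adding `checks: write` with a `checks-reason`, and gating any PR write scope on the reporter input the way the publish-unit-test-result entry uses `pull-requests-if`.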
+++ b/knowledge-base/actions/dwenegar/upload-release-assets/action-security.yml
@@ -0,0 +1,7 @@
+name: "GitHub Release Assets Upload Action"
+github-token:
+ environment-variable-name: GITHUB_TOKEN
+ permissions:
+ contents: write
+ contents-reason: to upload release assets
+#Reference: https://github.com/dwenegar/upload-release-assets/blob/fc5bc557b51cf4fc168f11bebc1e20a17949f0d2/src/upload-release-assets.ts#L50
diff --git a/knowledge-base/actions/enricomi/publish-unit-test-result-action/action-security.yml b/knowledge-base/actions/enricomi/publish-unit-test-result-action/action-security.yml
new file mode 100644
index 000000000..e11958eaf
--- /dev/null
+++ b/knowledge-base/actions/enricomi/publish-unit-test-result-action/action-security.yml
@@ -0,0 +1,16 @@
+name: "Publish Unit Test Results"
+github-token:
+ action-input:
+ input: github_token
+ is-default: true
+ permissions:
+ contents: read
+ contents-reason: to fetch code
+ issues: read
+ issues-reason: to get issues
+ checks: write
+ checks-reason: to check test results
+ pull-requests: write
+ pull-requests-reason: to post comment on PR
+ pull-requests-if: ${{ with['comment_mode'] != 'off' }}
+ #Reference: https://github.com/EnricoMi/publish-unit-test-result-action#permissions
diff --git a/knowledge-base/actions/enricomi/publish-unit-test-result-action/composite/action-security.yml b/knowledge-base/actions/enricomi/publish-unit-test-result-action/composite/action-security.yml
index e62849eff..32f8a02ab 100644
--- a/knowledge-base/actions/enricomi/publish-unit-test-result-action/composite/action-security.yml
+++ b/knowledge-base/actions/enricomi/publish-unit-test-result-action/composite/action-security.yml
@@ -1,4 +1,4 @@
-name: 'Publish Unit Test Results'
+name: "Publish Unit Test Results"
 github-token:
 action-input:
 input: github_token
@@ -10,7 +10,7 @@ github-token:
 issues-reason: to get issues
 checks: write
 checks-reason: to check test results
- pull-requests: write
+ pull-requests: write
 pull-requests-reason: to post comment on PR
 pull-requests-if: ${{ with['comment_mode'] != 'off' }}
- #Reference: https://github.com/EnricoMi/publish-unit-test-result-action#permissions
+ #Reference: https://github.com/EnricoMi/publish-unit-test-result-action#permissions
diff --git a/knowledge-base/actions/megalinter/megalinter/action-security.yml b/knowledge-base/actions/megalinter/megalinter/action-security.yml
new file mode 100644
index 000000000..4fe84c9be
--- /dev/null
+++ b/knowledge-base/actions/megalinter/megalinter/action-security.yml
@@ -0,0 +1,9 @@
+name: "MegaLinter, by OX Security"
+github-token:
+ environment-variable-name: GITHUB_TOKEN
+ permissions:
+ pull-requests: read
+ pull-requests-reason: to analyse code consistency in pr
+ issues: write
+ issues-reason: to comment report summary
+ #Reference: https://github.com/step-security/secure-workflows/pull/1133/files/d4fcb60aea817162cd93d6b6fd6ff928a284f747#r968159151
diff --git a/knowledge-base/actions/sonarsource/sonarqube-scan-action/action-security.yml b/knowledge-base/actions/sonarsource/sonarqube-scan-action/action-security.yml
new file mode 100644
index 000000000..299184355
--- /dev/null
+++ b/knowledge-base/actions/sonarsource/sonarqube-scan-action/action-security.yml
@@ -0,0 +1,2 @@
+name : "Scan your code with SonarQube"
+#Note: github token not used.
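Review bot: The Reference in the MegaLinter entry is a review-thread link inside this repository rather than MegaLinter's own source or documentation, so the declared scopes cannot be traced back to what the action does with `GITHUB_TOKEN`. Most other entries in this patch pin an upstream file at a commit; a comment of the form `#Reference: <upstream source or doc link at a pinned commit>` would match them and stay checkable when the action changes. Because this file decides which token scopes a hardened workflow keeps, the evidence should be something a reader can re-verify against the action itself.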
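Review bot: In the sonarqube-scan-action entry, `name : "Scan your code with SonarQube"` has a space before the colon, unlike every other entry in this patch. It still parses, but yamllint's `colons` rule flags it and a text search for `name:` across the knowledge base would miss this file. Suggest `name: "Scan your code with SonarQube"`.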