diff --git a/.github/workflows/docker-security-scan.yml b/.github/workflows/docker-security-scan.yml
index 62b0cbdb..b335cb8a 100644
--- a/.github/workflows/docker-security-scan.yml
+++ b/.github/workflows/docker-security-scan.yml
@@ -9,6 +9,10 @@ on:
       - main
   pull_request:
 
+permissions:
+  contents: read
+  security-events: write
+
 jobs:
   scan:
     runs-on: ubuntu-latest