diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
index b6869fe..547cae1 100644
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -13,6 +13,9 @@ on:
   workflow_dispatch:
   repository_dispatch:
 
+permissions:
+  contents: read
+
 concurrency:
   group: '${{ github.workflow }}-${{ github.job }}-${{ github.head_ref || github.ref_name }}'
   cancel-in-progress: true
@@ -24,6 +27,8 @@ env:
 jobs:
   test:
     name: Test SDK
+    permissions:
+      contents: read
     runs-on: macos-14
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -61,6 +66,8 @@ jobs:
   sources-lint:
     name: Lint Source files
     needs: test
+    permissions:
+      contents: read
     runs-on: macos-14
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -82,6 +89,8 @@ jobs:
   pod-lint:
     name: Lint Podspec
     needs: test
+    permissions:
+      contents: read
     runs-on: macos-14
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -99,6 +108,8 @@ jobs:
   carthage-build:
     name: Carthage Build
     needs: test
+    permissions:
+      contents: read
     runs-on: ${{ matrix.os }}
     continue-on-error: ${{ matrix.experimental }}
     strategy:
@@ -129,6 +140,8 @@ jobs:
   swift-package-build:
     name: Swift Package Build
     needs: test
+    permissions:
+      contents: read
     runs-on: macos-14
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -146,6 +159,10 @@ jobs:
   size-report:
     name: Cocoapods size report
     if: github.event_name == 'pull_request'
+    permissions:
+      pull-requests: write
+      contents: read
+      issues: write
     runs-on: macos-14
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
@@ -209,6 +226,8 @@ jobs:
   samples:
     name: Build Samples
     needs: test
+    permissions:
+      contents: read
     runs-on: ${{ matrix.os }}
     continue-on-error: ${{ matrix.experimental }}
     strategy:
@@ -246,6 +265,8 @@ jobs:
       - carthage-build
       - swift-package-build
       - samples
+    permissions:
+      contents: write
     runs-on: macos-14
     steps:
       - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2