diff --git a/.github/workflows/devcontainer-all.yaml b/.github/workflows/devcontainer-all.yaml
index 6419e8cf84..d2075ac0c6 100644
--- a/.github/workflows/devcontainer-all.yaml
+++ b/.github/workflows/devcontainer-all.yaml
@@ -21,6 +21,8 @@ jobs:
   build:
     if: ${{ vars.PUBLISH_DOCKER_IMAGE == 'true' }}
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
 
     - name: Checkout Repository
diff --git a/.github/workflows/devcontainer-azurertos.yaml b/.github/workflows/devcontainer-azurertos.yaml
index 2c88eff37f..3155de9da6 100644
--- a/.github/workflows/devcontainer-azurertos.yaml
+++ b/.github/workflows/devcontainer-azurertos.yaml
@@ -21,6 +21,8 @@ jobs:
   build:
     if: ${{ vars.PUBLISH_DOCKER_IMAGE == 'true' }}
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
     
     - name: Checkout Repository
diff --git a/.github/workflows/devcontainer-chibios.yaml b/.github/workflows/devcontainer-chibios.yaml
index e7d889cb7f..1f083ca3fb 100644
--- a/.github/workflows/devcontainer-chibios.yaml
+++ b/.github/workflows/devcontainer-chibios.yaml
@@ -21,6 +21,8 @@ jobs:
   build:
     if: ${{ vars.PUBLISH_DOCKER_IMAGE == 'true' }}
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
 
     - name: Checkout Repository
diff --git a/.github/workflows/devcontainer-esp32.yml b/.github/workflows/devcontainer-esp32.yml
index 615fbe127e..30cf6e919d 100644
--- a/.github/workflows/devcontainer-esp32.yml
+++ b/.github/workflows/devcontainer-esp32.yml
@@ -21,6 +21,8 @@ jobs:
   build:
     if: ${{ vars.PUBLISH_DOCKER_IMAGE == 'true' }}
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
 
     - name: Checkout Repository
diff --git a/.github/workflows/devcontainer-freertos-nxp.yaml b/.github/workflows/devcontainer-freertos-nxp.yaml
index c7b9ea03df..4a9529d936 100644
--- a/.github/workflows/devcontainer-freertos-nxp.yaml
+++ b/.github/workflows/devcontainer-freertos-nxp.yaml
@@ -21,6 +21,8 @@ jobs:
   build:
     if: ${{ vars.PUBLISH_DOCKER_IMAGE == 'true' }}
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
 
     - name: Checkout Repository
diff --git a/.github/workflows/devcontainer-smoketest.yaml b/.github/workflows/devcontainer-smoketest.yaml
index 11451091ef..572ea7d996 100644
--- a/.github/workflows/devcontainer-smoketest.yaml
+++ b/.github/workflows/devcontainer-smoketest.yaml
@@ -31,6 +31,8 @@ jobs:
         ]
 
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
 
     steps:
       - uses: actions/checkout@v4
diff --git a/.github/workflows/devcontainer-ti.yaml b/.github/workflows/devcontainer-ti.yaml
index 54e4392b39..7747e756b1 100644
--- a/.github/workflows/devcontainer-ti.yaml
+++ b/.github/workflows/devcontainer-ti.yaml
@@ -21,6 +21,8 @@ jobs:
   build:
     if: ${{ vars.PUBLISH_DOCKER_IMAGE == 'true' }}
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
 
     - name: Checkout Repository