diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 9e3dcede8..8f06464d0 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -17,7 +17,6 @@ jobs:
 analyze:
 name: Analyze (${{ matrix.language }})
 permissions:
- contents: read
 actions: read # for github/codeql-action/init to get workflow details
 security-events: write # for github/codeql-action/analyze to upload SARIF results
 strategy:
@@ -63,7 +62,6 @@ jobs:
 workflow-notification:
 permissions:
- contents: read
 issues: write
 needs:
 - analyze
diff --git a/.github/workflows/issue-management-feedback-label.yml b/.github/workflows/issue-management-feedback-label.yml
index 411db8293..082b398fe 100644
--- a/.github/workflows/issue-management-feedback-label.yml
+++ b/.github/workflows/issue-management-feedback-label.yml
@@ -10,7 +10,6 @@ permissions:
 jobs:
 issue_comment:
 permissions:
- contents: read
 issues: write
 pull-requests: write
 if: >
diff --git a/.github/workflows/issue-management-stale-action.yml b/.github/workflows/issue-management-stale-action.yml
index 44fd26028..cc968577a 100644
--- a/.github/workflows/issue-management-stale-action.yml
+++ b/.github/workflows/issue-management-stale-action.yml
@@ -11,7 +11,6 @@ permissions:
 jobs:
 stale:
 permissions:
- contents: read
 issues: write # for actions/stale to close stale issues
 pull-requests: write # for actions/stale to close stale PRs
 runs-on: ubuntu-latest
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index e30aadd32..8f2540bec 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -14,7 +14,6 @@ permissions:
 jobs:
 analysis:
 permissions:
- contents: read
 # Needed for Code scanning upload
 security-events: write
 # Needed for GitHub OIDC token if publish_results is true
diff --git a/.github/workflows/reusable-workflow-notification.yml b/.github/workflows/reusable-workflow-notification.yml
index d45bf4e07..ce0cc3441 100644
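Review bot: The `analyze` job in codeql.yml ends up with `contents: none` once `contents: read` is gone from its job-level `permissions` block, because a job-level block replaces the workflow-level `permissions:` (visible in the hunk headers) rather than merging with it, and every scope not listed becomes `none`. The same holds for `workflow-notification` in codeql.yml, `issue_comment`, `stale`, `analysis` in ossf-scorecard.yml and `workflow-notification` in reusable-workflow-notification.yml. That tightens the token and is harmless for issue-only jobs, but the CodeQL and Scorecard jobs presumably check out the repository (their steps are outside the hunks), which needs `contents: read` when the repository is private or internal. If the removal is deliberate, I would record it beside each block, e.g. `# contents intentionally omitted (none); re-add contents: read if this job must read a private repository`, so the next reader does not assume the workflow-level grant is inherited.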
--- a/.github/workflows/reusable-workflow-notification.yml
+++ b/.github/workflows/reusable-workflow-notification.yml
@@ -15,7 +15,6 @@ permissions:
 jobs:
 workflow-notification:
 permissions:
- contents: read
 issues: write
 runs-on: ubuntu-latest
 steps: