diff --git a/.github/workflows/build-docker-image.yml b/.github/workflows/build-docker-image.yml
index b6e79440..dd971ea1 100644
--- a/.github/workflows/build-docker-image.yml
+++ b/.github/workflows/build-docker-image.yml
@@ -1,4 +1,6 @@
 name: Build Docker Image
+permissions:
+  contents: read
 on:
   workflow_dispatch:
   pull_request:
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 047ed6c9..c62a3e47 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -1,4 +1,6 @@
 name: Build
+permissions:
+  contents: read
 on:
   workflow_dispatch:
   pull_request:
diff --git a/.github/workflows/check-changes-to-env.yml b/.github/workflows/check-changes-to-env.yml
index dcaa3aa8..05e608b7 100644
--- a/.github/workflows/check-changes-to-env.yml
+++ b/.github/workflows/check-changes-to-env.yml
@@ -1,4 +1,8 @@
 name: Check Changes to Env
+permissions:
+  contents: read
+  pull-requests: read
+  issues: write
 on:
   pull_request:
     types: [opened, synchronize]
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index da8a38e0..1deeb759 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -1,4 +1,6 @@
 name: Lint
+permissions:
+  contents: read
 on:
   workflow_dispatch:
   pull_request:
diff --git a/.github/workflows/run-unit-tests.yml b/.github/workflows/run-unit-tests.yml
index cfd45ac3..a0e6fbf2 100644
--- a/.github/workflows/run-unit-tests.yml
+++ b/.github/workflows/run-unit-tests.yml
@@ -1,4 +1,6 @@
 name: Run Unit Tests
+permissions:
+  contents: read
 on:
   workflow_dispatch:
   pull_request:
diff --git a/.github/workflows/test-sql-queries.yml b/.github/workflows/test-sql-queries.yml
index c26d00fb..0973d12d 100644
--- a/.github/workflows/test-sql-queries.yml
+++ b/.github/workflows/test-sql-queries.yml
@@ -1,4 +1,6 @@
 name: Test SQL Queries
+permissions:
+  contents: read
 on:
   workflow_dispatch:
   pull_request: