diff --git a/testfiles/addworkflow/expected-scorecards.yml b/testfiles/addworkflow/expected-scorecards.yml
index 8106bf198..7ab71d041 100644
--- a/testfiles/addworkflow/expected-scorecards.yml
+++ b/testfiles/addworkflow/expected-scorecards.yml
@@ -28,6 +28,11 @@ jobs:
       id-token: write
       contents: read
       actions: read
+      # To allow GraphQL ListCommits to work
+      issues: read
+      pull-requests: read
+      # To detect SAST tools
+      checks: read
 
     steps:
       - name: "Checkout code"
diff --git a/workflow-templates/scorecards.yml b/workflow-templates/scorecards.yml
index b4b777e6d..08c7a05fc 100644
--- a/workflow-templates/scorecards.yml
+++ b/workflow-templates/scorecards.yml
@@ -28,6 +28,11 @@ jobs:
       id-token: write
       contents: read
       actions: read
+      # To allow GraphQL ListCommits to work
+      issues: read
+      pull-requests: read
+      # To detect SAST tools
+      checks: read
 
     steps:
       - name: "Checkout code"