diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index cbabd5a..bf58656 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -9,6 +9,9 @@ on:
     # Run security scans weekly on Sunday at 2 AM UTC
     - cron: '0 2 * * 0'
 
+permissions:
+  contents: read
+
 jobs:
   dependency-review:
     name: Dependency Review