diff --git a/.github/workflows/osv-scanner-reusable-pr.yml b/.github/workflows/osv-scanner-reusable-pr.yml
index 76e624e..449ee64 100644
--- a/.github/workflows/osv-scanner-reusable-pr.yml
+++ b/.github/workflows/osv-scanner-reusable-pr.yml
@@ -16,6 +16,7 @@
 name: "OSV-Scanner PR Scanning"
 
 permissions:
+  actions: read
   contents: read
   security-events: write
 
diff --git a/.github/workflows/osv-scanner-reusable.yml b/.github/workflows/osv-scanner-reusable.yml
index 86cac3f..73895ea 100644
--- a/.github/workflows/osv-scanner-reusable.yml
+++ b/.github/workflows/osv-scanner-reusable.yml
@@ -16,6 +16,7 @@
 name: OSV-Scanner single vulnerability scan
 
 permissions:
+  actions: read
   contents: read
   security-events: write