diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 677f99d..3ddb12c 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,5 +1,9 @@
 name: "Code scanning - action"
 
+permissions:
+  contents: read
+  security-events: write
+
 on:
   push:
   pull_request: