diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 430ce95..fb6e47d 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -74,6 +74,8 @@ jobs:
     name: Snyk Security Scan
 
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
 
     steps:
       - name: Checkout code