diff --git a/.github/workflows/deploy-docs.yml b/.github/workflows/deploy-docs.yml
index 32106e4a055..735f9ff7a77 100644
--- a/.github/workflows/deploy-docs.yml
+++ b/.github/workflows/deploy-docs.yml
@@ -3,6 +3,10 @@ on:
   push:
     branches:
       - main
+
+permissions:
+  contents: write
+
 jobs:
   build-and-deploy:
     name: Build and Deploy
diff --git a/.github/workflows/github-ci.yml b/.github/workflows/github-ci.yml
index 901e4677099..29c1a243b0c 100644
--- a/.github/workflows/github-ci.yml
+++ b/.github/workflows/github-ci.yml
@@ -8,6 +8,9 @@ on:
     branches:
       - main
 
+# No permissions are required for this workflow
+permissions: {}
+
 jobs:
   test:
     name: General checks and tests
diff --git a/.github/workflows/issues.yml b/.github/workflows/issues.yml
index 017058ae075..f4603cfbcac 100644
--- a/.github/workflows/issues.yml
+++ b/.github/workflows/issues.yml
@@ -3,6 +3,9 @@ on:
   schedule:
     - cron: '00 20 * * *'
 
+permissions:
+  issues: write
+
 jobs:
   stale:
     name: Flag and close stale issues
diff --git a/.github/workflows/reuse-compliance.yml b/.github/workflows/reuse-compliance.yml
index a77eef3eac9..191f39cadab 100644
--- a/.github/workflows/reuse-compliance.yml
+++ b/.github/workflows/reuse-compliance.yml
@@ -8,6 +8,9 @@ on:
     branches:
       - main
 
+# No permissions are required for this workflow
+permissions: {}
+
 jobs:
   compliance-check:
     name: Compliance Check
diff --git a/.github/workflows/security-audit.yml b/.github/workflows/security-audit.yml
index 6a1754abcf9..546ca2a6e63 100644
--- a/.github/workflows/security-audit.yml
+++ b/.github/workflows/security-audit.yml
@@ -4,6 +4,10 @@ on:
   schedule:
     - cron: "36 4 * * *" # Run once a day
   workflow_dispatch:
+
+# No permissions are required for this workflow
+permissions: {}
+
 jobs:
   security-scan:
     name: Security Audit