diff --git a/.github/workflows/continuous-integration-workflow.yml b/.github/workflows/continuous-integration-workflow.yml
index 2785cd3dc..08fe294d4 100644
--- a/.github/workflows/continuous-integration-workflow.yml
+++ b/.github/workflows/continuous-integration-workflow.yml
@@ -8,6 +8,9 @@ on:
       - 1.x
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   build_core:
     name: Build and test core
diff --git a/.github/workflows/owasp-dependency-check.yml b/.github/workflows/owasp-dependency-check.yml
index fa2657740..b7df2a770 100644
--- a/.github/workflows/owasp-dependency-check.yml
+++ b/.github/workflows/owasp-dependency-check.yml
@@ -3,6 +3,9 @@ on:
   schedule:
     - cron: "10 10 * * 3"
 
+permissions:
+  contents: read
+
 jobs:
   owasp-dependency-check:
     name: Verify dependencies with OWASP checker
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 7ff2bea79..9faff653b 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -10,6 +10,9 @@ on:
         description: "Version to use for further development"
         required: true
         default: "X.Y.Z-SNAPSHOT"
+permissions:
+  contents: write
+
 jobs:
   release:
     runs-on: ubuntu-latest