diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index e4c1cbcd241..6d5e39ca1e5 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -21,7 +21,7 @@ on:
     branches: [ master ]
 
 
-permissions: read-all
+permissions: {}
 
 jobs:
   analyze:
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index a16c618f59a..604231054e2 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -23,7 +23,8 @@ on:
   merge_group:
     branches: [ master ]
 
-permissions: read-all
+permissions:
+  contents: read
 
 jobs:
   lint:
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 23193300822..20ab9adfc14 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -8,7 +8,7 @@ on:
     branches: [ master ]
 
 # Declare default permissions as read only.
-permissions: read-all
+permissions: {}
 
 jobs:
   analysis: