diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 710b938..68e23c1 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -1,4 +1,5 @@
 name: "CodeQL"
+
 on:
 push:
 branches: [ "main" ]
@@ -6,28 +7,38 @@ on:
 branches: [ "main" ]
 schedule:
 - cron: "0 0 * * *"
+
 # Declare default permissions as read only.
-permissions: read-all
+permissions:
+ contents: read
+
 jobs:
 analyze:
 name: Analyze
 runs-on: ubuntu-latest
 permissions:
+ actions: read
+ contents: read
 security-events: write
+
 strategy:
 fail-fast: false
 matrix:
- language: [solidity]
+ language: [python]
+
 steps:
 - name: Checkout
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+
 - name: Initialize CodeQL
 uses: github/codeql-action/init@f779452ac5af1c261dce0346a8f964149f49322b #v3.26.13
 with:
 languages: ${{ matrix.language }}
 queries: +security-and-quality
+
 - name: Autobuild
 uses: github/codeql-action/autobuild@f779452ac5af1c261dce0346a8f964149f49322b #v3.26.13
+
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@f779452ac5af1c261dce0346a8f964149f49322b #v3.26.13
 with:
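Review bot: The re-pinned Checkout step in the second hunk still has no `with:` block, so actions/checkout keeps its default of storing the job token in the checked-out repository's git config for the rest of the job, and that token now carries `security-events: write`. Nothing visible in this job pushes or fetches after checkout, so I would add `with:` and `persist-credentials: false` under the `uses: actions/checkout@…` line. With the matrix now `[python]`, the Autobuild step is probably a no-op, since autobuild targets compiled languages, and could be dropped. The `with:` block of the final analysis step continues past the end of the hunk, so its inputs are not covered here.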