diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index a7d57af04e..e3ebe2097a 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -7,6 +7,8 @@ on:
     branches:
       - 'main'
 
+permissions: read-all
+
 jobs:
   pre-checks:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 3683fb794e..5ae0804dfb 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -17,6 +17,8 @@ on:
       - 'docs/**'
       - '.github/config.yml'
 
+permissions: read-all
+
 jobs:
   e2e-test:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index c977e875dd..b0acaea5c3 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -5,6 +5,8 @@ on:
   pull_request:
     branches: [master]
 
+permissions: read-all
+
 jobs:
   build:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/helm-release.yaml b/.github/workflows/helm-release.yaml
index 0d4ae52efd..460d179878 100644
--- a/.github/workflows/helm-release.yaml
+++ b/.github/workflows/helm-release.yaml
@@ -4,6 +4,8 @@ on:
     tags:
       - 'helm-chart-v*'
 
+permissions: read-all
+
 jobs:
   helm-tests:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/helm-test.yaml b/.github/workflows/helm-test.yaml
index 1c1b4c099c..0898ab6d6e 100644
--- a/.github/workflows/helm-test.yaml
+++ b/.github/workflows/helm-test.yaml
@@ -7,6 +7,8 @@ on:
       - 'charts/kyverno/**'
       - '.github/workflows/helm-test.yaml'
 
+permissions: read-all
+
 jobs:
   helm-tests:
     runs-on: ubuntu-latest