diff --git a/.github/workflows/sec-opengrep.yml b/.github/workflows/sec-opengrep.yml
index fb684bd..528ecdd 100644
--- a/.github/workflows/sec-opengrep.yml
+++ b/.github/workflows/sec-opengrep.yml
@@ -9,7 +9,7 @@ on:
 
 permissions:
   contents: read
-  actions: write
+  actions: read
   security-events: write
 
 env:
@@ -36,7 +36,7 @@ jobs:
           echo "[+] Finished installing opengrep"
 
       - name: "Run Opengrep"
-        run: opengrep scan --metrics=off --sarif-output ./results.sarif .
+        run: opengrep scan --metrics=on --sarif-output ./results.sarif .
 
       - name: "Upload SARIF file"
         uses: github/codeql-action/upload-sarif@v3