diff --git a/.github/workflows/bandit.yml b/.github/workflows/bandit.yml
index ec9fd2a..8fc6af3 100644
--- a/.github/workflows/bandit.yml
+++ b/.github/workflows/bandit.yml
@@ -9,10 +9,12 @@ on:
 jobs:
   analyze:
     runs-on: 'ubuntu-latest'
+
     permissions:
       security-events: write
       actions: read
       contents: read
+    
     steps:
     - name: Set up Python 3.9
       uses: actions/setup-python@v5
diff --git a/.github/workflows/check-build.yml b/.github/workflows/check-build.yml
index c22599b..5e8042c 100644
--- a/.github/workflows/check-build.yml
+++ b/.github/workflows/check-build.yml
@@ -11,6 +11,9 @@ jobs:
   build-test:
     runs-on: 'ubuntu-latest'
 
+    permissions:
+      contents: read
+
     steps:
       - name: Checkout
         uses: actions/checkout@v4