diff --git a/.github/workflows/astro-build-test.yml b/.github/workflows/astro-build-test.yml
index e6e226c..f874d3a 100644
--- a/.github/workflows/astro-build-test.yml
+++ b/.github/workflows/astro-build-test.yml
@@ -12,6 +12,10 @@ on:
       - 'README.md'
       - 'docs/**'
 
+permissions:
+  contents: read
+  actions: read
+
 jobs:
   build-and-test:
     name: Build and Test Astro Project
diff --git a/.github/workflows/docker-scan.yml b/.github/workflows/docker-scan.yml
index 90eb88c..6aa713c 100644
--- a/.github/workflows/docker-scan.yml
+++ b/.github/workflows/docker-scan.yml
@@ -18,6 +18,10 @@ on:
   schedule:
     - cron: '0 0 * * 0'  # Run weekly on Sunday at midnight
 
+permissions:
+  contents: read
+  actions: read
+
 jobs:
   scan:
     name: Scan Docker Image