diff --git a/.github/workflows/check-lib.yml b/.github/workflows/check-lib.yml
index c86ef4ff..a4e87bd4 100644
--- a/.github/workflows/check-lib.yml
+++ b/.github/workflows/check-lib.yml
@@ -5,6 +5,7 @@ jobs:
   check-lib:
     name: Check main.js
     runs-on: ubuntu-latest
+    permissions: read-all
     steps:
     - name: Check out
       uses: actions/checkout@v3
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 11d0280f..4102e6f9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -4,6 +4,7 @@ jobs:
   build_test_job:
     name: 'Build and test job'
     runs-on: ${{ matrix.os }}
+    permissions: read-all
     strategy:
         matrix:
           os: [windows-latest, ubuntu-latest]
diff --git a/.github/workflows/defaultLabels.yml b/.github/workflows/defaultLabels.yml
index 74d39a57..e65d0312 100644
--- a/.github/workflows/defaultLabels.yml
+++ b/.github/workflows/defaultLabels.yml
@@ -10,6 +10,7 @@ jobs:
   build:
     # The type of runner that the job will run on
     runs-on: ubuntu-latest
+    permissions: read-all
 
     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
diff --git a/.github/workflows/pr-check.yml b/.github/workflows/pr-check.yml
index f522d97b..b61f72dc 100644
--- a/.github/workflows/pr-check.yml
+++ b/.github/workflows/pr-check.yml
@@ -16,6 +16,7 @@ jobs:
   deploy:
     environment: Automation test # this environment requires approval before running the action
     runs-on: ${{ matrix.os }}
+    permissions: read-all
     continue-on-error: true
     strategy:
       matrix:
diff --git a/.github/workflows/run-integration-tests.yml b/.github/workflows/run-integration-tests.yml
index 8d06df47..1c5ac175 100644
--- a/.github/workflows/run-integration-tests.yml
+++ b/.github/workflows/run-integration-tests.yml
@@ -3,6 +3,7 @@ jobs:
   trigger-integration-tests:
     name: Trigger Integration Tests
     runs-on: ubuntu-latest
+    permissions: read-all
     steps:
       - name: Trigger test run
         run: |