diff --git a/.github/workflows/devops-secure-scanning.yml b/.github/workflows/devops-secure-scanning.yml
index a207bb0..5a29f9c 100644
--- a/.github/workflows/devops-secure-scanning.yml
+++ b/.github/workflows/devops-secure-scanning.yml
@@ -9,6 +9,10 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read # This is required for actions/checkout
+  security-events: write # Required to publish security alerts
+
 jobs:
   sample:
     name: Microsoft Security DevOps Analysis