diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
index 42c763c96..8369cec24 100644
--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -1,4 +1,5 @@
 name: Run CD
+permissions: read-all
 on:
   workflow_dispatch:
 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index b0374b531..50a7fcacd 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,4 +1,5 @@
 name: Run CI
+permissions: read-all
 on:
   push:
     branches:
diff --git a/.github/workflows/codacy_coverage_reporter.yml b/.github/workflows/codacy_coverage_reporter.yml
index a6826c9c5..f5c426c05 100644
--- a/.github/workflows/codacy_coverage_reporter.yml
+++ b/.github/workflows/codacy_coverage_reporter.yml
@@ -1,5 +1,5 @@
 name: Codacy Coverage Reporter
-
+permissions: read-all
 on:
   workflow_run:
      workflows: ["Run CI"]
diff --git a/.github/workflows/issues.yml b/.github/workflows/issues.yml
index 72c8c20c0..896bf413f 100644
--- a/.github/workflows/issues.yml
+++ b/.github/workflows/issues.yml
@@ -1,5 +1,5 @@
 name: Add new issues to the NCL planning project and label them
-
+permissions: {}
 on:
   issues:
     types:
@@ -10,6 +10,7 @@ on:
 jobs:
   add-to-project:
     name: Add issue to project
+    permissions: {}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/add-to-project@v0.4.0