diff --git a/.github/workflows/continuous-integration.yml b/.github/workflows/continuous-integration.yml
index 817d598..0e3232a 100644
--- a/.github/workflows/continuous-integration.yml
+++ b/.github/workflows/continuous-integration.yml
@@ -23,6 +23,10 @@ on:
             - '**/*.swift'
 
 
+permissions:
+  contents: read
+
+
 jobs:
 
     swift-lint:
diff --git a/.github/workflows/openssf-scorecard.yml b/.github/workflows/openssf-scorecard.yml
index 8c4b41c..ca69eb8 100644
--- a/.github/workflows/openssf-scorecard.yml
+++ b/.github/workflows/openssf-scorecard.yml
@@ -22,7 +22,10 @@ on:
     # Weekly on Saturdays.
     - cron:  '30 1 * * 6'
 
-permissions: read-all
+
+permissions:
+  contents: read
+
 
 jobs:
   analysis:
diff --git a/.github/workflows/oss-review-toolkit.yml b/.github/workflows/oss-review-toolkit.yml
index 472ae55..0acdc99 100644
--- a/.github/workflows/oss-review-toolkit.yml
+++ b/.github/workflows/oss-review-toolkit.yml
@@ -17,6 +17,10 @@ on:
         - cron:  '30 1 1 * *'
 
 
+permissions:
+  contents: read
+
+
 jobs:
     oss-review-toolkit:
         runs-on: ubuntu-24.04
diff --git a/.github/workflows/reuse-compliance.yml b/.github/workflows/reuse-compliance.yml
index 7f13dd7..34f049e 100644
--- a/.github/workflows/reuse-compliance.yml
+++ b/.github/workflows/reuse-compliance.yml
@@ -7,6 +7,10 @@ name: REUSE Compliance Check
 on: [push, pull_request]
 
 
+permissions:
+  contents: read
+
+
 jobs:
   test-reuse-compliance:
     runs-on: ubuntu-22.04