diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
index 95f001e1f..bf1aa6a33 100644
--- a/.github/workflows/ci-cd.yml
+++ b/.github/workflows/ci-cd.yml
@@ -2,6 +2,9 @@ name: CI/CD Pipeline
 
 on: [push, pull_request, workflow_dispatch]
 
+permissions:
+  contents: write
+
 jobs:
   ci:
     name: Continuous Integration
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index 5f12a604b..021e0577b 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -9,6 +9,11 @@ on:
     types: [opened, synchronize, reopened]
     paths-ignore: ['.vscode/**']
 
+
+permissions:
+  contents: read
+  pull-requests: read
+
 env:
   SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}