diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index d9bedc14d..c3b9424f6 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -7,6 +7,11 @@ on:
   schedule:
     - cron: '0 8 * * *'
 
+permissions:
+  contents: read # these permissions are required to run the codeql analysis
+  actions: read
+  security-events: write
+
 jobs:
   analyze:
     name: CodeQL Analysis