diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
index 945bf25..be1cfbb 100644
--- a/.github/workflows/CI.yml
+++ b/.github/workflows/CI.yml
@@ -21,6 +21,9 @@ on: # Build any PRs and main branch changes
   schedule:
     - cron: '0 0 1 * *' # Every month
 
+permissions:
+  contents: read
+
 concurrency:
   group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}"
   cancel-in-progress: true
diff --git a/.github/workflows/auto-merge-dependabot.yml b/.github/workflows/auto-merge-dependabot.yml
index aeb7eb7..72e796a 100644
--- a/.github/workflows/auto-merge-dependabot.yml
+++ b/.github/workflows/auto-merge-dependabot.yml
@@ -8,6 +8,9 @@ permissions:
 jobs:
   dependabot:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      pull-requests: write
     if: github.event.pull_request.user.login == 'dependabot[bot]' && github.repository == 'yoanm/symfony-jsonrpc-http-server'
     steps:
       - name: Dependabot metadata
diff --git a/.github/workflows/coverage-upload.yml b/.github/workflows/coverage-upload.yml
index 9428e0d..1aeac5c 100644
--- a/.github/workflows/coverage-upload.yml
+++ b/.github/workflows/coverage-upload.yml
@@ -4,6 +4,10 @@ on:
     workflows: ["CI"]
     types: [completed]
 
+permissions:
+  contents: read
+  checks: write # For the check run creation !
+
 jobs:
   upload:
     name: Upload
diff --git a/.github/workflows/nightly-tests.yml b/.github/workflows/nightly-tests.yml
index fe8e177..3018c9e 100644
--- a/.github/workflows/nightly-tests.yml
+++ b/.github/workflows/nightly-tests.yml
@@ -4,9 +4,13 @@ on:
     workflows: ["CI"]
     types: [completed]
 
+permissions:
+  contents: read
+  checks: write # For the check run creation !
+
 jobs:
-  nightly:
-    name: Nightly
+  tests:
+    name: Tests
     permissions:
       contents: read
       checks: write # For the check run creation !
diff --git a/.github/workflows/pre-check-CI-updates.yml b/.github/workflows/pre-check-CI-updates.yml
index 35cbda9..0c1d18c 100644
--- a/.github/workflows/pre-check-CI-updates.yml
+++ b/.github/workflows/pre-check-CI-updates.yml
@@ -19,6 +19,11 @@ on:
       - '.github/workflows/reusable-nightly-tests-workflow.yml'
       - '.github/workflows/auto-merge-dependabot.yml'
 
+
+permissions:
+  contents: read
+  checks: write # For the check run creation !
+
 concurrency:
   group: "${{ github.workflow }}-${{ github.head_ref || github.ref }}"
   cancel-in-progress: true
diff --git a/.github/workflows/reusable-nightly-tests-workflow.yml b/.github/workflows/reusable-nightly-tests-workflow.yml
index 87dbd86..f7f3984 100644
--- a/.github/workflows/reusable-nightly-tests-workflow.yml
+++ b/.github/workflows/reusable-nightly-tests-workflow.yml
@@ -36,7 +36,7 @@ jobs:
       - name: 'Check run ○'
         uses: yoanm/temp-reports-group-workspace/utils/attach-check-run-to-triggering-workflow@v0
         with:
-          name: 'Fetch supported versions'
+          name: 'Nightly / Fetch supported versions'
           fails-on-triggering-workflow-failure: true
 
       - name: Fetch PHP supported versions
@@ -97,7 +97,7 @@ jobs:
       - name: 'Check run ○'
         uses: yoanm/temp-reports-group-workspace/utils/attach-check-run-to-triggering-workflow@v0
         with:
-          name: ${{ matrix.job-name }}
+          name: 'Nightly / ${{ matrix.job-name }}'
           fails-on-triggering-workflow-failure: true
 
       - name: Check out code