diff --git a/.github/workflows/Security-Notification.yml b/.github/workflows/Security-Notification.yml
index c532741..a820c20 100644
--- a/.github/workflows/Security-Notification.yml
+++ b/.github/workflows/Security-Notification.yml
@@ -7,6 +7,9 @@ on:
   # Allows you to test manually
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   check-alerts:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/audit-python-fastapi.yml b/.github/workflows/audit-python-fastapi.yml
index a5d51c0..fc3ab7b 100644
--- a/.github/workflows/audit-python-fastapi.yml
+++ b/.github/workflows/audit-python-fastapi.yml
@@ -7,6 +7,9 @@ on:
     paths:
       - 'mflix/server/python-fastapi/**'
 
+permissions:
+  contents: read
+
 jobs:
   audit:
     name: pip-audit (Python FastAPI)
diff --git a/.github/workflows/audit-tanstack.yml b/.github/workflows/audit-tanstack.yml
index 99e6dd1..60903ed 100644
--- a/.github/workflows/audit-tanstack.yml
+++ b/.github/workflows/audit-tanstack.yml
@@ -8,6 +8,9 @@ on:
     paths:
       - 'frameworks/javascript/tanstack/**'
 
+permissions:
+  contents: read
+
 jobs:
   audit:
     name: npm audit (TanStack)
diff --git a/.github/workflows/new-issue-notify.yml b/.github/workflows/new-issue-notify.yml
index c4776fe..61620cd 100644
--- a/.github/workflows/new-issue-notify.yml
+++ b/.github/workflows/new-issue-notify.yml
@@ -5,6 +5,7 @@ on:
   issues:
     types: [opened]
 
+permissions: {}
 
 jobs:
   notify_slack_on_issue:
diff --git a/.github/workflows/run-express-tests.yml b/.github/workflows/run-express-tests.yml
index 5f2fdd4..2fe93b5 100644
--- a/.github/workflows/run-express-tests.yml
+++ b/.github/workflows/run-express-tests.yml
@@ -12,6 +12,9 @@ on:
     paths:
       - 'mflix/server/js-express/**'
 
+permissions:
+  contents: read
+
 jobs:
   test:
     name: Run Express Tests
diff --git a/.github/workflows/run-java-spring-boot-tests.yml b/.github/workflows/run-java-spring-boot-tests.yml
index 2709569..d319e6b 100644
--- a/.github/workflows/run-java-spring-boot-tests.yml
+++ b/.github/workflows/run-java-spring-boot-tests.yml
@@ -12,6 +12,9 @@ on:
     paths:
       - 'mflix/server/java-spring/**'
 
+permissions:
+  contents: read
+
 jobs:
   test:
     name: Run Java Spring Boot Tests
diff --git a/.github/workflows/run-python-tests.yml b/.github/workflows/run-python-tests.yml
index 4568fa9..be9b554 100644
--- a/.github/workflows/run-python-tests.yml
+++ b/.github/workflows/run-python-tests.yml
@@ -12,6 +12,9 @@ on:
     paths:
       - 'mflix/server/python-fastapi/**'
 
+permissions:
+  contents: read
+
 jobs:
   test:
     name: Run Python Tests
diff --git a/.github/workflows/run-tanstack-tests.yml b/.github/workflows/run-tanstack-tests.yml
index 8685980..87c40fe 100644
--- a/.github/workflows/run-tanstack-tests.yml
+++ b/.github/workflows/run-tanstack-tests.yml
@@ -14,6 +14,9 @@ on:
     paths:
       - 'frameworks/javascript/tanstack/**'
 
+permissions:
+  contents: read
+
 jobs:
   test:
     name: Run TanStack Tests