diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
index cad18be7..401af241 100644
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
@@ -27,6 +27,8 @@ jobs:
 
   snyk:
     name: Snyk
+    permisions:
+      security-events: write
     runs-on: ubuntu-latest
     if: (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) && github.actor != 'dependabot[bot]'
     steps:
diff --git a/.github/workflows/update.yaml b/.github/workflows/update.yaml
index cac03dea..72c15457 100644
--- a/.github/workflows/update.yaml
+++ b/.github/workflows/update.yaml
@@ -12,6 +12,9 @@ permissions:
 
 jobs:
   update-components:
+    permissions:
+      contents: write
+      pull-requests: write
     runs-on: ubuntu-latest
     steps:
       - name: Check out code