diff --git a/.github/workflows/osv-scanner-pr.yml b/.github/workflows/osv-scanner-pr.yml
index f72bc4c9..93b10170 100644
--- a/.github/workflows/osv-scanner-pr.yml
+++ b/.github/workflows/osv-scanner-pr.yml
@@ -9,7 +9,7 @@ on:
 
 # Declare default permissions as read only.
 permissions:
-  # Only need to read contents
+  actions: read
   contents: read
   # Require writing security events to upload SARIF file to security tab
   security-events: write
diff --git a/.github/workflows/osv-scanner-scheduled.yml b/.github/workflows/osv-scanner-scheduled.yml
index f9d04c0e..f853b5e2 100644
--- a/.github/workflows/osv-scanner-scheduled.yml
+++ b/.github/workflows/osv-scanner-scheduled.yml
@@ -8,7 +8,7 @@ on:
     branches: [ main ]
 
 permissions:
-  # Only need to read contents
+  actions: read
   contents: read
   # Require writing security events to upload SARIF file to security tab
   security-events: write