diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 45cf724..5ad71d1 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -20,6 +20,10 @@ on:
   schedule:
     - cron: '31 21 * * 6'
 
+# Minimal permissions to be inherited by any job that don't declare it's own permissions
+permissions:
+  contents: read
+
 jobs:
   analyze:
     name: Analyze
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 20b61d4..5f8d7c4 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -7,6 +7,10 @@ on:
       - main
       - 'release-*'
 
+# Minimal permissions to be inherited by any job that don't declare it's own permissions
+permissions:
+  contents: read
+
 jobs:
   test:
     name: Tests
@@ -39,4 +43,4 @@ jobs:
 
       - name: Run style and unused
         if: ${{ matrix.go_version == '1.20' }}
-        run: make style unused
\ No newline at end of file
+        run: make style unused