diff --git a/.github/workflows/add-to-project.yml b/.github/workflows/add-to-project.yml
index e0b06990f..e96336264 100644
--- a/.github/workflows/add-to-project.yml
+++ b/.github/workflows/add-to-project.yml
@@ -5,6 +5,8 @@ on:
       - opened
       - labeled
 
+permissions: {}
+
 jobs:
   add-to-project:
     if: github.repository_owner == 'GameServerManagers'
diff --git a/.github/workflows/details-check.yml b/.github/workflows/details-check.yml
index f52d12c5a..7916b9aae 100644
--- a/.github/workflows/details-check.yml
+++ b/.github/workflows/details-check.yml
@@ -6,6 +6,9 @@ on:
     branches:
       - develop
 
+permissions:
+  contents: read
+
 concurrency:
   group: details-check-${{ github.ref_name }}
   cancel-in-progress: true
diff --git a/.github/workflows/git-sync.yml b/.github/workflows/git-sync.yml
index 544ba6892..42c660d9b 100644
--- a/.github/workflows/git-sync.yml
+++ b/.github/workflows/git-sync.yml
@@ -7,6 +7,8 @@ on:
       - master
       - develop
 
+permissions: {}
+
 jobs:
   gitHub-to-bitbucket:
     if: github.repository_owner == 'GameServerManagers'
diff --git a/.github/workflows/potential-duplicates.yml b/.github/workflows/potential-duplicates.yml
index ea0ba23fd..39a3189d8 100644
--- a/.github/workflows/potential-duplicates.yml
+++ b/.github/workflows/potential-duplicates.yml
@@ -3,6 +3,10 @@ on:
   issues:
     types:
       - opened
+
+permissions:
+  issues: write
+
 jobs:
   potential-duplicates:
     if: github.repository_owner == 'GameServerManagers'
diff --git a/.github/workflows/serverlist-validate.yml b/.github/workflows/serverlist-validate.yml
index f4a95a039..c2605b062 100644
--- a/.github/workflows/serverlist-validate.yml
+++ b/.github/workflows/serverlist-validate.yml
@@ -3,6 +3,9 @@ on:
   workflow_dispatch:
   push:
 
+permissions:
+  contents: read
+
 jobs:
   serverlist-validate:
     if: github.repository_owner == 'GameServerManagers'
diff --git a/.github/workflows/trigger-docker-build.yml b/.github/workflows/trigger-docker-build.yml
index ab37c882d..390123322 100644
--- a/.github/workflows/trigger-docker-build.yml
+++ b/.github/workflows/trigger-docker-build.yml
@@ -6,6 +6,8 @@ on:
     types:
       - published
 
+permissions: {}
+
 jobs:
   trigger_build_docker-linuxgsm:
     if: github.repository_owner == 'GameServerManagers'
diff --git a/.github/workflows/update-check.yml b/.github/workflows/update-check.yml
index 2f2f7babc..e1f4bb615 100644
--- a/.github/workflows/update-check.yml
+++ b/.github/workflows/update-check.yml
@@ -6,6 +6,8 @@ on:
     branches:
       - develop
 
+permissions: {}
+
 concurrency:
   group: update-check-${{ github.ref_name }}
   cancel-in-progress: true
diff --git a/.github/workflows/update-copyright-years-in-license-file.yml b/.github/workflows/update-copyright-years-in-license-file.yml
index 3301c9cb7..1123b8cce 100644
--- a/.github/workflows/update-copyright-years-in-license-file.yml
+++ b/.github/workflows/update-copyright-years-in-license-file.yml
@@ -4,6 +4,10 @@ on:
   schedule:
     - cron: "0 3 1 1 *" # 03:00 AM on January 1
 
+permissions:
+  contents: write
+  pull-requests: write
+
 jobs:
   update-license-year:
     if: github.repository_owner == 'GameServerManagers'