diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index fb2a0cb..0c5a4a0 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -70,6 +70,8 @@ jobs:
   scan:
     name: Scan current image & report results
     needs: build
+    permissions:
+      security-events: write
     runs-on: "ubuntu-latest"
     steps:
       - name: Run Trivy vulnerability scanner
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index 8e83ad1..44235fa 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -9,6 +9,8 @@ on:
 jobs:
   scan:
     name: Scan current image & report results
+    permissions:
+      security-events: write
     runs-on: "ubuntu-latest"
     steps:
       - name: Run Trivy vulnerability scanner