diff --git a/.github/workflows/compatibility-50.yml b/.github/workflows/compatibility-50.yml
index db5cd93..1d25b10 100644
--- a/.github/workflows/compatibility-50.yml
+++ b/.github/workflows/compatibility-50.yml
@@ -1,6 +1,8 @@
 name: zabbix_50
 run-name: Compatibility with Zabbix 5.0 test
-permissions: {}
+permissions:
+  contents: read
+  id-token: read
 
 on:
   push:
diff --git a/.github/workflows/compatibility-60.yml b/.github/workflows/compatibility-60.yml
index 6787898..a0a38dd 100644
--- a/.github/workflows/compatibility-60.yml
+++ b/.github/workflows/compatibility-60.yml
@@ -1,6 +1,8 @@
 name: zabbix_60
 run-name: Compatibility with Zabbix 6.0 test
-permissions: {}
+permissions:
+  contents: read
+  id-token: read
 
 on:
   push:
diff --git a/.github/workflows/compatibility-70.yml b/.github/workflows/compatibility-70.yml
index a15baa4..cec7700 100644
--- a/.github/workflows/compatibility-70.yml
+++ b/.github/workflows/compatibility-70.yml
@@ -1,6 +1,8 @@
 name: zabbix_70
 run-name: Compatibility with Zabbix 7.0 test
-permissions: {}
+permissions:
+  contents: read
+  id-token: read
 
 on:
   push:
diff --git a/.github/workflows/compatibility-72.yml b/.github/workflows/compatibility-72.yml
index a9b00ca..88ab1c0 100644
--- a/.github/workflows/compatibility-72.yml
+++ b/.github/workflows/compatibility-72.yml
@@ -1,6 +1,8 @@
 name: zabbix_72
 run-name: Compatibility with Zabbix 7.2 test
-permissions: {}
+permissions:
+  contents: read
+  id-token: read
 
 on:
   push:
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
index ccc7c56..198df08 100644
--- a/.github/workflows/publish.yaml
+++ b/.github/workflows/publish.yaml
@@ -1,6 +1,9 @@
 name: Plugins - CD
 run-name: Deploy ${{ inputs.branch }} to ${{ inputs.environment }} by @${{ github.actor }}
-permissions: {}
+permissions:
+  attestations: write
+  contents: write
+  id-token: write
 
 on:
   workflow_dispatch:
diff --git a/.github/workflows/push.yaml b/.github/workflows/push.yaml
index ffb878f..e4637fa 100644
--- a/.github/workflows/push.yaml
+++ b/.github/workflows/push.yaml
@@ -1,5 +1,7 @@
 name: Plugins - CI
-permissions: {}
+permissions:
+  contents: read
+  id-token: write
 
 on:
   push: