diff --git a/.github/workflows/reusable-secrets-scanning.yml b/.github/workflows/reusable-secrets-scanning.yml
index d97953a..eee4dda 100644
--- a/.github/workflows/reusable-secrets-scanning.yml
+++ b/.github/workflows/reusable-secrets-scanning.yml
@@ -16,6 +16,11 @@ on:
       SLACK_CHANNEL_ID_GITHUB_NOTIFICATION:
         required: true
 
+# Permission can be added at job level or workflow level
+permissions:
+  id-token: write # This is required for requesting the JWT
+  contents: read # This is required for actions/checkout
+
 jobs:
   SecurityScan:
     runs-on: ubuntu-latest