diff --git a/.github/workflows/build_test_lin.yml b/.github/workflows/build_test_lin.yml
index 99cd5caf..9c081fb9 100644
--- a/.github/workflows/build_test_lin.yml
+++ b/.github/workflows/build_test_lin.yml
@@ -20,6 +20,8 @@ on:
         required: false
         default: ''
 
+permissions: read-all
+
 jobs:
   build_test_lin:
     runs-on: ubuntu-20.04
diff --git a/.github/workflows/build_test_win.yml b/.github/workflows/build_test_win.yml
index f1187a79..c6eeeb1b 100644
--- a/.github/workflows/build_test_win.yml
+++ b/.github/workflows/build_test_win.yml
@@ -20,6 +20,8 @@ on:
         required: false
         default: ''
 
+permissions: read-all
+
 jobs:
   build_test_win:
     runs-on: windows-2019
diff --git a/.github/workflows/codestyle.yml b/.github/workflows/codestyle.yml
index 77c25b5b..59167e68 100644
--- a/.github/workflows/codestyle.yml
+++ b/.github/workflows/codestyle.yml
@@ -2,6 +2,8 @@ name: Codestyle checks
 
 on: [ push, pull_request, workflow_dispatch ]
 
+permissions: read-all
+
 jobs:
   codestyle:
     strategy:
diff --git a/.github/workflows/hadolint_check.yml b/.github/workflows/hadolint_check.yml
index 877e5899..18e8573c 100644
--- a/.github/workflows/hadolint_check.yml
+++ b/.github/workflows/hadolint_check.yml
@@ -8,6 +8,8 @@ on:
     paths:
       - 'dockerfiles/**/*ockerfile'
 
+permissions: read-all
+
 jobs:
   hadolint_check:
     runs-on: ubuntu-20.04
diff --git a/.github/workflows/images_build_check.yml b/.github/workflows/images_build_check.yml
index 171f9924..b71e3a52 100644
--- a/.github/workflows/images_build_check.yml
+++ b/.github/workflows/images_build_check.yml
@@ -7,6 +7,8 @@ on:
   pull_request:
   workflow_dispatch:
 
+permissions: read-all
+
 jobs:
   image_build:
     strategy:
diff --git a/.github/workflows/manual_publish.yml b/.github/workflows/manual_publish.yml
index 56856033..9f0df675 100644
--- a/.github/workflows/manual_publish.yml
+++ b/.github/workflows/manual_publish.yml
@@ -28,6 +28,8 @@ on:
         required: false
         default: ''
 
+permissions: read-all
+
 jobs:
   manual_publish:
     strategy:
diff --git a/.github/workflows/release_links_check.yml b/.github/workflows/release_links_check.yml
index ccb91687..441f85ce 100644
--- a/.github/workflows/release_links_check.yml
+++ b/.github/workflows/release_links_check.yml
@@ -14,6 +14,8 @@ on:
         required: false
         default: ''
 
+permissions: read-all
+
 jobs:
   loader_links_check:
     runs-on: ubuntu-20.04
diff --git a/.github/workflows/update_dockerfiles.yml b/.github/workflows/update_dockerfiles.yml
index 623e6da6..658ca9b0 100644
--- a/.github/workflows/update_dockerfiles.yml
+++ b/.github/workflows/update_dockerfiles.yml
@@ -8,6 +8,8 @@ on:
         required: true
         default: ''
 
+permissions: read-all
+
 jobs:
   update_dockerfiles:
     runs-on: ubuntu-20.04