semgrep
diff --git a/‎src/components/code_snippets/_gha-semgrep-app-sast-dash.mdx
+3 b/‎src/components/code_snippets/_gha-semgrep-app-sast-dash.mdx
+3
diff --git a/‎src/components/code_snippets/_gha-semgrep-app-sast.mdx
+3 b/‎src/components/code_snippets/_gha-semgrep-app-sast.mdx
+3
diff --git a/‎src/components/code_snippets/_gha-semgrep-app-ssc.mdx
-49 b/‎src/components/code_snippets/_gha-semgrep-app-ssc.mdx
-49
diff --git a/‎src/components/code_snippets/_gha-semgrep-app-standalone-dash.mdx
-43 b/‎src/components/code_snippets/_gha-semgrep-app-standalone-dash.mdx
-43
diff --git a/‎src/components/code_snippets/_gha-semgrep-app-standalone.mdx
-39 b/‎src/components/code_snippets/_gha-semgrep-app-standalone.mdx
-39
diff --git a/‎src/components/code_snippets/_gha-semgrep-oss-sast.mdx
+3 b/‎src/components/code_snippets/_gha-semgrep-oss-sast.mdx
+3
@@ -15,6 +15,9 @@ on:
     - cron: '20 17 * * *' # Sets Semgrep to scan every day at 17:20 UTC.
     # It is recommended to change the schedule to a random time.
 
+permissions:
+  contents: read
+
 jobs:
   semgrep:
     # User definable name of this GitHub Actions job.
 
@@ -25,6 +25,9 @@ on:
     - cron: '20 17 * * *' # Sets Semgrep to scan every day at 17:20 UTC.
     # It is recommended to change the schedule to a random time.
 
+permissions:
+  contents: read
+
 jobs:
   semgrep:
     # User definable name of this GitHub Actions job.
 
@@ -21,6 +21,9 @@ on:
     - cron: '20 17 * * *' # Sets Semgrep to scan every day at 17:20 UTC.
     # It is recommended to change the schedule to a random time.
 
+permissions:
+  contents: read
+
 jobs:
   semgrep:
     # User definable name of this GitHub Actions job.