diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 66dc14ea..dc391f7a 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -67,6 +67,9 @@ jobs:
     needs: build
     runs-on: ubuntu-latest
     if: github.event_name != 'pull_request'
+    permissions:
+      contents: read
+      security-events: write
     
     steps:
     - name: Run Trivy vulnerability scanner