diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index eac7fa5d..b75c5005 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -22,8 +22,10 @@ on:
   push:
     branches: [ "master" ]
 
-permissions: read-all
-
+permissions:
+  id-token: write # This is required for requesting the JWT
+  contents: read # This is required for actions/checkout
+  
 jobs:
 
   analysis: