diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index b75c5005..5ce7f780 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -22,10 +22,8 @@ on:
 push:
 branches: [ "master" ]
-permissions:
- id-token: write # This is required for requesting the JWT
- contents: read # This is required for actions/checkout
-
+permissions: read-all
+
 jobs:
 analysis:
@@ -33,9 +31,11 @@ jobs:
 name: "Scorecards analysis"
 runs-on: ubuntu-latest
 permissions:
- security-events: write # Needed to upload the results to the code-scanning dashboard.
+ # Needed to upload the results to the code-scanning dashboard.
+ security-events: write
 actions: read
- contents: read
+ id-token: write # This is required for requesting the JWT
+ contents: read # This is required for actions/checkout
 steps:
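Review bot: The workflow-level `permissions: read-all` added in the first hunk is a broader default than the visible job needs. The `analysis` job declares its own `permissions` block, which replaces the workflow-level value for that job, so `read-all` only acts as the fallback for a job added later without its own block. An empty default, `permissions: {}`, would start such a job with no token scopes instead of read access to every scope. Only the `analysis` job is visible here, so confirm no other job in the file relies on the default. The `+` line after it appears to swap one blank line for another, which may mean trailing whitespace was introduced.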
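Review bot: In the second hunk, `actions: read` is now the only entry in the job's `permissions` block with no reason comment. The block also mixes a comment above the key (`security-events`) with trailing comments (`id-token`, `contents`). I would put one line above it, for example `# Needed to <reason this job reads Actions data>`, or drop the scope if nothing uses it, and keep a single comment placement throughout. Because the old job-level block omitted `id-token`, this change appears to be the first time the job's token can request an OIDC JWT. The actions under `steps:` lie outside this hunk, so it is worth confirming they are pinned to full commit SHAs.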