diff --git a/.github/workflows/checkov.yaml b/.github/workflows/checkov.yaml
index e5ed164a..f4ffd807 100644
--- a/.github/workflows/checkov.yaml
+++ b/.github/workflows/checkov.yaml
@@ -2,19 +2,12 @@ on:
   push:
     branches: [ "main", "james/checkov" ]
   workflow_dispatch:
+permissions: read-all
 jobs:
   checkov-job:
     permissions:
       actions: read
-      checks: none
       contents: read
-      deployments: none
-      discussions: none
-      id-token: none
-      issues: none
-      packages: none
-      pages: none
-      repository-projects: none
       security-events: write
       statuses: none
     runs-on: ubuntu-latest