diff --git a/.github/workflows/third_party_scan.yml b/.github/workflows/third_party_scan.yml
index 2a18a3ed4db25..b32a587f78683 100644
--- a/.github/workflows/third_party_scan.yml
+++ b/.github/workflows/third_party_scan.yml
@@ -52,4 +52,5 @@ jobs:
     permissions:
       # Needed to upload the SARIF results to code-scanning dashboard.
       security-events: write
+      actions: read
       contents: read