diff --git a/.github/workflows/sbom-scan.yml b/.github/workflows/sbom-scan.yml
index 3f09f38f..a903d37b 100644
--- a/.github/workflows/sbom-scan.yml
+++ b/.github/workflows/sbom-scan.yml
@@ -10,6 +10,8 @@ on:
 jobs:
   create-and-scan-sbom:
     runs-on: ubuntu-latest
+    permissions:
+      security-events: write
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-python@v5