diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 41ab12af3c384..c3d1b65ae6bae 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -1,5 +1,8 @@
 name: "CodeQL"
 
+permissions:
+  security-events: write
+
 on:
   push:
     branches: ["main"]
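Review bot: The new top-level `permissions:` block grants only `security-events: write`, and once any scope is listed, every scope not listed is set to `none` for the `GITHUB_TOKEN`. If this repository is private or internal, the checkout and CodeQL steps would presumably also need read access, so consider adding `contents: read` and `actions: read` under the same key. The jobs are outside this hunk, but if the workflow has more than one job, it would be tighter to keep the workflow level at `contents: read` and declare `security-events: write` only on the job that uploads results. A short comment above the block, such as `# least privilege: only the scopes CodeQL upload needs`, would help keep later edits from widening it.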