diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 3c672783d4..c7837f04b9 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -45,6 +45,8 @@ env:
 
 jobs:
   analyze:
+    permissions:
+      contents: write
     name: Analyze
     runs-on: ubuntu-latest
     timeout-minutes: 15