diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5c7d8de0..79aa7908 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -2,6 +2,9 @@ name: 2wp-app build
 
 on: [push, pull_request]
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   checkout-and-build:
     runs-on: ubuntu-20.04
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 041d6e77..6f132f96 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -9,7 +9,8 @@ on:
     - cron: "59 4 * * 1"
 
 permissions:
-  contents: read
+  contents: read-all
+
 jobs:
   analyze:
     name: Analyze
diff --git a/.github/workflows/deploy_MainNet_UI.yml b/.github/workflows/deploy_MainNet_UI.yml
index 63cb478e..94c34afd 100644
--- a/.github/workflows/deploy_MainNet_UI.yml
+++ b/.github/workflows/deploy_MainNet_UI.yml
@@ -5,6 +5,9 @@ on:
     tags:
       - 'v*'
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   checkout-and-build:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/deploy_TestNet_UI.yml b/.github/workflows/deploy_TestNet_UI.yml
index e54d7f7e..c5904db8 100644
--- a/.github/workflows/deploy_TestNet_UI.yml
+++ b/.github/workflows/deploy_TestNet_UI.yml
@@ -5,6 +5,9 @@ on:
     tags:
       - '*-rc'
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   checkout-and-build:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/deploy_staging_MainNet_UI.yml b/.github/workflows/deploy_staging_MainNet_UI.yml
index 40c33dc7..2458c824 100644
--- a/.github/workflows/deploy_staging_MainNet_UI.yml
+++ b/.github/workflows/deploy_staging_MainNet_UI.yml
@@ -5,6 +5,9 @@ on:
     branches:
       - 'release-candidate'
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   checkout-and-build:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/deploy_staging_TestNet_UI.yml b/.github/workflows/deploy_staging_TestNet_UI.yml
index 24256e66..4d297104 100644
--- a/.github/workflows/deploy_staging_TestNet_UI.yml
+++ b/.github/workflows/deploy_staging_TestNet_UI.yml
@@ -5,6 +5,9 @@ on:
     branches:
       - qa
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
   checkout-and-build:
     runs-on: ubuntu-latest