diff --git a/.github/workflows/main-build.yml b/.github/workflows/main-build.yml
index 2803a9073a5..3b5833ba31c 100644
--- a/.github/workflows/main-build.yml
+++ b/.github/workflows/main-build.yml
@@ -92,6 +92,9 @@ jobs:
 trivy-scan:
 needs: build
+ permissions:
+ contents: read
+ security-events: write
 uses: kedacore/keda/.github/workflows/template-trivy-scan.yml@main
 with:
 runs-on: ubuntu-latest
@@ -102,6 +105,9 @@ jobs:
 trivy-scan-metrics-server:
 needs: build
+ permissions:
+ contents: read
+ security-events: write
 strategy:
 matrix:
 runner: [ARM64, ubuntu-latest]
@@ -116,6 +122,9 @@ jobs:
 trivy-scan-keda:
 needs: build
+ permissions:
+ contents: read
+ security-events: write
 strategy:
 matrix:
 runner: [ARM64, ubuntu-latest]
diff --git a/.github/workflows/template-smoke-tests.yml b/.github/workflows/template-smoke-tests.yml
index a3f29146b72..07361c56ab1 100644
--- a/.github/workflows/template-smoke-tests.yml
+++ b/.github/workflows/template-smoke-tests.yml
@@ -13,9 +13,6 @@ on:
 required: true
 type: string
-permissions:
- contents: read
-
 jobs:
 smoke-tests:
 name: Validate k8s-${{ inputs.kubernetesVersion }}
diff --git a/.github/workflows/template-trivy-scan.yml b/.github/workflows/template-trivy-scan.yml
index 5b26467d30f..69889ab7798 100644
--- a/.github/workflows/template-trivy-scan.yml
+++ b/.github/workflows/template-trivy-scan.yml
@@ -31,10 +31,6 @@ on:
 required: true
 type: boolean
-permissions:
- contents: read
- security-events: write
-
 jobs:
 trivy-scan:
 name: Trivy - ${{ inputs.runs-on }} - ${{ inputs.scan-type }} ${{ inputs.image-ref }}
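Review bot: The job-level `permissions` block added to `trivy-scan` (and repeated on `trivy-scan-metrics-server` and `trivy-scan-keda`) is now the only cap on the token, because this commit also deletes the top-level `permissions` blocks from template-trivy-scan.yml and template-smoke-tests.yml. A called workflow can only narrow what its caller grants, so keeping `contents: read` and `security-events: write` in the Trivy template, and `contents: read` in the smoke-test template, would not conflict with these new blocks. Without them, any caller that declares nothing runs the template with the repository's default token scopes. No caller of template-smoke-tests.yml gains a `permissions` block in this diff, so the workflows not shown here are worth checking. A short comment above each new block, such as `# security-events: write is passed down to the reusable Trivy workflow (presumably for its results upload)`, would record why the write scope is granted.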