diff --git a/.github/workflows/clone-db.yaml b/.github/workflows/clone-db.yaml
index ee91cdca2..7989fa34f 100644
--- a/.github/workflows/clone-db.yaml
+++ b/.github/workflows/clone-db.yaml
@@ -27,7 +27,6 @@ jobs:
       CF_USERNAME: ${{ secrets.CF_STAGING_USERNAME }}
       CF_PASSWORD: ${{ secrets.CF_STAGING_PASSWORD }}
     steps:
-        - uses: GitHubSecurityLab/actions-permissions/monitor@v1
         - name: Clone Database
           run: |
             # install cf cli and other tools
diff --git a/.github/workflows/createcachetable.yaml b/.github/workflows/createcachetable.yaml
index 768bf050d..207ecf70e 100644
--- a/.github/workflows/createcachetable.yaml
+++ b/.github/workflows/createcachetable.yaml
@@ -37,7 +37,6 @@ jobs:
       CF_USERNAME: CF_${{ github.event.inputs.environment }}_USERNAME
       CF_PASSWORD: CF_${{ github.event.inputs.environment }}_PASSWORD
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
       - name: Create cache table for ${{ github.event.inputs.environment }}
         uses: cloud-gov/cg-cli-tools@main
         with:
diff --git a/.github/workflows/daily-csv-upload.yaml b/.github/workflows/daily-csv-upload.yaml
index 41fb00971..9cacfc3bf 100644
--- a/.github/workflows/daily-csv-upload.yaml
+++ b/.github/workflows/daily-csv-upload.yaml
@@ -13,7 +13,6 @@ jobs:
       CF_USERNAME: CF_${{ secrets.CF_REPORT_ENV }}_USERNAME
       CF_PASSWORD: CF_${{ secrets.CF_REPORT_ENV }}_PASSWORD
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
       - name: Generate current-federal.csv
         uses: cloud-gov/cg-cli-tools@main
         with:
diff --git a/.github/workflows/deploy-manual.yaml b/.github/workflows/deploy-manual.yaml
index f3045c110..a85cc7565 100644
--- a/.github/workflows/deploy-manual.yaml
+++ b/.github/workflows/deploy-manual.yaml
@@ -44,7 +44,6 @@ jobs:
   variables:
     runs-on: ubuntu-latest
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
       - name: Setting global variables
         uses: actions/github-script@v6
         id: var
diff --git a/.github/workflows/deploy-sandbox.yaml b/.github/workflows/deploy-sandbox.yaml
index d751616c6..9112a865e 100644
--- a/.github/workflows/deploy-sandbox.yaml
+++ b/.github/workflows/deploy-sandbox.yaml
@@ -35,7 +35,6 @@ jobs:
       environment: ${{ steps.var.outputs.environment}}
     runs-on: "ubuntu-latest"
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
       - name: Setting global variables
         uses: actions/github-script@v6
         id: var
@@ -72,6 +71,8 @@ jobs:
   comment:
     runs-on: ubuntu-latest
     needs: [variables, deploy]
+    permissions:
+      issues: write
     steps:
       - uses: actions/github-script@v6
         env:
diff --git a/.github/workflows/issue-label-notifier.yaml b/.github/workflows/issue-label-notifier.yaml
index ee6aaa844..1f2a401bd 100644
--- a/.github/workflows/issue-label-notifier.yaml
+++ b/.github/workflows/issue-label-notifier.yaml
@@ -9,8 +9,9 @@ on:
 jobs:
   notify:
     runs-on: ubuntu-latest
+    permissions:
+      issues: write
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
       - uses: jenschelkopf/issue-label-notification-action@1.3
         with:
           recipients: |
diff --git a/.github/workflows/migrate.yaml b/.github/workflows/migrate.yaml
index e18791cad..1853b3c4f 100644
--- a/.github/workflows/migrate.yaml
+++ b/.github/workflows/migrate.yaml
@@ -45,7 +45,6 @@ jobs:
       CF_USERNAME: CF_${{ github.event.inputs.environment }}_USERNAME
       CF_PASSWORD: CF_${{ github.event.inputs.environment }}_PASSWORD
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
       - name: Run Django migrations for ${{ github.event.inputs.environment }}
         uses: cloud-gov/cg-cli-tools@main
         with:
diff --git a/.github/workflows/reset-db.yaml b/.github/workflows/reset-db.yaml
index 8e060beaa..111555b3c 100644
--- a/.github/workflows/reset-db.yaml
+++ b/.github/workflows/reset-db.yaml
@@ -45,7 +45,6 @@ jobs:
       CF_USERNAME: CF_${{ github.event.inputs.environment }}_USERNAME
       CF_PASSWORD: CF_${{ github.event.inputs.environment }}_PASSWORD
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
       - name: Delete existing data for ${{ github.event.inputs.environment }}
         uses: cloud-gov/cg-cli-tools@main
         with:
diff --git a/.github/workflows/security-check.yaml b/.github/workflows/security-check.yaml
index ae58b37c6..aea700613 100644
--- a/.github/workflows/security-check.yaml
+++ b/.github/workflows/security-check.yaml
@@ -54,7 +54,6 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
       - name: Check out
         uses: actions/checkout@v3
       - name: MockUserLogin should not be in settings.MIDDLEWARE
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 7c7576cae..642e9dc30 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -21,7 +21,6 @@ jobs:
   python-linting:
     runs-on: ubuntu-latest
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
       - uses: actions/checkout@v3
 
       - name: Linting
@@ -33,7 +32,6 @@ jobs:
   python-test:
     runs-on: ubuntu-latest
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
       - uses: actions/checkout@v3
 
       - name: Unit tests
@@ -43,7 +41,6 @@ jobs:
   django-migrations-complete:
     runs-on: ubuntu-latest
     steps:
-      - uses: GitHubSecurityLab/actions-permissions/monitor@v1
       - uses: actions/checkout@v3
 
       - name: Check for complete migrations