diff --git a/.github/workflows/build-and-test.yml b/.github/workflows/build-and-test.yml
index 2b1dfe2b..46789243 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -7,6 +7,11 @@ on:
   pull_request:
     branches: ["main", "dev"]
 
+permissions:
+  contents: read #those permissions are required to run the codeql analysis
+  actions: read
+  security-events: write
+
 jobs:
   build-and-test:
     runs-on: windows-latest