diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
index 0628284c61..29d4b6b27c 100644
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
@@ -36,6 +36,8 @@ jobs:
   trivy:
     name: Trivy
     runs-on: ubuntu-latest
+    permissions:
+      security-events: write # for Trivy to write security events
     steps:
       - name: Checkout code
         uses: actions/checkout@3df4ab11eba7bda6032a0b82a6bb43b11571feac # v4.0.0