diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 7896fddcf5..e4d3ceb225 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -15,7 +15,8 @@ on:
     branches: [ "main" ]
 
 # Declare default permissions as read only.
-permissions: read-all
+permissions:
+  contents: read
 
 jobs:
   analysis: