diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index ddb2b54..20e1c4d 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -1,6 +1,8 @@
 name: ci
-on:
+permissions: read-all
+
+on:
 pull_request:
 jobs:
@@ -13,7 +15,7 @@ jobs:
 fetch-depth: 0
 - name: Lint Code Base
- uses: github/super-linter/slim@v5
+ uses: github/super-linter/slim@v6
 env:
 DEFAULT_BRANCH: main
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release-drafter.yaml b/.github/workflows/release-drafter.yaml
index 818ad63..e57fd94 100644
--- a/.github/workflows/release-drafter.yaml
+++ b/.github/workflows/release-drafter.yaml
@@ -1,5 +1,9 @@
 name: Release Drafter
+permissions:
+ contents: read
+
+
 on:
 push:
 branches:
@@ -7,9 +11,6 @@ on:
 pull_request:
 types: [opened, reopened, synchronize]
-permissions:
- contents: read
-
 jobs:
 update_release_draft:
 permissions:
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index abf42b6..6de0ae1 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -1,5 +1,7 @@
 name: Release
+permissions: read-all
+
 on:
 push:
 branches:
@@ -9,6 +11,10 @@ on:
 jobs:
 docker-build-push:
+ permissions:
+ contents: read
+ id-token: write
+ packages: write
 runs-on: ubuntu-22.04
 steps:
 - name: Checkout Code
diff --git a/Dockerfile b/Dockerfile
index fc7e499..2ad7471 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -4,4 +4,7 @@ COPY self-heal.sh /self-heal.sh
 CMD ["/bin/sh"]
+#checkov:skip=CKV_DOCKER_2:We don't need Docker HEALTHCHECK in Kubernetes
+#checkov:skip=CKV_DOCKER_3:inherits curl_user from base image
+
 ENTRYPOINT ["/self-heal.sh"]
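Review bot: `permissions: read-all` on the new line in ci.yaml grants read on every token scope (actions, checks, deployments, issues, packages, pull-requests, security-events, statuses, …) where a lint job only needs the repository contents; the explicit form `permissions:` / `  contents: read` is tighter, reads as a deliberate choice, and matches what release-drafter.yaml uses in this same commit. Since the workflow runs on `pull_request`, PRs from forks already get a read-only token, so the explicit mapping mostly documents that nothing beyond checkout is expected. Note that any job-level `permissions:` block replaces this workflow-level default entirely rather than merging with it.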
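Review bot: `uses: github/super-linter/slim@v6` references a mutable major-version tag; a step that receives `GITHUB_TOKEN` should be pinned to an immutable commit SHA with the tag kept as a comment, e.g. `uses: github/super-linter/slim@<full-commit-sha> # v6`, so a moved or compromised tag cannot swap the linter's code under the token. Separately, super-linter's documented permissions for posting commit statuses with `GITHUB_TOKEN` include `statuses: write`, which the workflow-level `read-all` added in the first hunk no longer grants; either set `MULTI_STATUS: false` in the `env:` block or give this job its own `permissions:` with `contents: read` and `statuses: write` — confirm against the v6 docs, since v6 is a major bump that also renamed several env vars. The job's steps continue outside the hunk.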
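Review bot: The relocated `permissions:` block in release-drafter.yaml is followed by two added blank lines (`+`, `+`) before `on:`, whereas ci.yaml and release.yaml in this same commit separate the block with a single blank line; drop one so the three workflows share one layout (yamllint's default `empty-lines` limit of 2 would pass, but the project's style here is one). The explicit `contents: read` mapping is the clearer form and is the one the other two workflows could adopt in place of `read-all`.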
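Review bot: `permissions: read-all` in release.yaml is a broader default than a release workflow needs; because the `docker-build-push` job declares its own `permissions:` block in the next hunk, this workflow-level value only governs jobs that do not declare one, and for those the safe floor is `permissions:` / `  contents: read`. Writing it that way mirrors release-drafter.yaml and stops any job added later without its own block from reading issues, pull requests, packages and security events by default.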
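Review bot: The new job-level block grants `id-token: write`, but the only visible step is `Checkout Code` and the rest of the job is outside the hunk, so confirm that a later step actually uses OIDC (keyless signing, cloud federation, provenance upload) before keeping it — `id-token: write` lets every step in the job, including third-party actions, mint a GitHub OIDC token for the repository. `packages: write` with `contents: read` is the right minimum for pushing to GHCR. Because a job-level `permissions:` replaces the workflow-level set entirely, this block is the job's complete grant; if nothing in the job requests an OIDC token, reduce it to `contents: read` and `packages: write`.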
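Review bot: The `CKV_DOCKER_3` skip on the new line asserts that the non-root user is inherited from the base image, but the `FROM` line is outside the hunk and a base-image tag update could change its default user silently; declaring `USER curl_user` immediately before `ENTRYPOINT` enforces the guarantee in this image, makes the skip unnecessary, and fails the build loudly if the base image ever drops that account. Checkov honours `#checkov:skip=` comments anywhere in the Dockerfile, so the placement itself is fine. The `CKV_DOCKER_2` rationale holds because Kubernetes ignores Docker `HEALTHCHECK`; stating the replacement, e.g. `#checkov:skip=CKV_DOCKER_2:Kubernetes liveness/readiness probes replace Docker HEALTHCHECK`, tells the next reader where the health check actually lives.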