diff --git a/.github/workflows/build-server-image.yml b/.github/workflows/build-server-image.yml
index 0b9c463419b..5f747bed210 100644
--- a/.github/workflows/build-server-image.yml
+++ b/.github/workflows/build-server-image.yml
@@ -12,6 +12,11 @@ on:
 env:
   CHAINCTL_IDENTITY: ee399b4c72dd4e58e3d617f78fc47b74733c9557/922f2d48307d6f5f
 
+# Permissions required for chainguard-dev/setup-chainctl
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
   build-image:
     runs-on: ubuntu-22.04
diff --git a/.github/workflows/dispatch-server-builder-image.yml b/.github/workflows/dispatch-server-builder-image.yml
index 6c82ff7a7f5..d390fba4fd8 100644
--- a/.github/workflows/dispatch-server-builder-image.yml
+++ b/.github/workflows/dispatch-server-builder-image.yml
@@ -14,6 +14,11 @@ on:
 env:
   CHAINCTL_IDENTITY: ee399b4c72dd4e58e3d617f78fc47b74733c9557/922f2d48307d6f5f
 
+# Permissions required for chainguard-dev/setup-chainctl
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
   build-and-push:
     runs-on: ubuntu-latest