diff --git a/.github/workflows/snyk-pr.yml b/.github/workflows/snyk-pr.yml
index 048b86917..e21815ecf 100644
--- a/.github/workflows/snyk-pr.yml
+++ b/.github/workflows/snyk-pr.yml
@@ -3,29 +3,36 @@ on:
   pull_request:
     branches:
       - master
+
+permissions:
+  contents: read
+  issues: write
+  pull-requests: write
+
 jobs:
-  whitesource:
+  snyk:
+    permissions: write-all
     runs-on: ubuntu-latest
     if: ${{ github.event.pull_request.user.login == 'sfc-gh-snyk-sca-sa' }}
     steps:
-    - name: checkout
-      uses: actions/checkout@v3
-      with:
-        ref: ${{ github.event.pull_request.head.ref }}
-        fetch-depth: 0
+      - name: checkout
+        uses: actions/checkout@v3
+        with:
+          ref: ${{ github.event.pull_request.head.ref }}
+          fetch-depth: 0
 
-    - name: checkout action
-      uses: actions/checkout@v3
-      with:
-        repository: snowflakedb/whitesource-actions
-        token: ${{ secrets.WHITESOURCE_ACTION_TOKEN }}
-        path: whitesource-actions
+      - name: checkout action
+        uses: actions/checkout@v3
+        with:
+          repository: snowflakedb/whitesource-actions
+          token: ${{ secrets.WHITESOURCE_ACTION_TOKEN }}
+          path: whitesource-actions
 
-    - name: PR
-      uses: ./whitesource-actions/snyk-pr
-      env:
-        PR_TITLE: ${{ github.event.pull_request.title }}
-      with:
-        jira_token: ${{ secrets.JIRA_TOKEN_PUBLIC_REPO }}
-        gh_token: ${{ secrets.GITHUB_TOKEN }}
-        amend: false # true if you want the commit to be amended with the JIRA number
+      - name: PR
+        uses: ./whitesource-actions/snyk-pr
+        env:
+          PR_TITLE: ${{ github.event.pull_request.title }}
+        with:
+          jira_token: ${{ secrets.JIRA_TOKEN_PUBLIC_REPO }}
+          gh_token: ${{ secrets.GITHUB_TOKEN }}
+          amend: false # true if you want the commit to be amended with the JIRA number