diff --git a/server/src/workflows/2022-10-01/WorkflowService.ts b/server/src/workflows/2022-10-01/WorkflowService.ts
index 17b218b3f0..6dde875c45 100644
--- a/server/src/workflows/2022-10-01/WorkflowService.ts
+++ b/server/src/workflows/2022-10-01/WorkflowService.ts
@@ -33,7 +33,8 @@ export class WorkflowService20221001 {
           tenant-id: \${{ secrets.__tenantidsecretname__ }}
           subscription-id: \${{ secrets.__subscriptionidsecretname__ }}\n`;
       const permssions = `permissions:
-      id-token: write #This is required for requesting the JWT\n`;
+      id-token: write #This is required for requesting the JWT
+      contents: read #This is required for actions/checkout\n`;
       const environment = `environment:
       name: '__slotname__'
       url: \${{ steps.deploy-to-webapp.outputs.webapp-url }}`;
diff --git a/server/src/workflows/2022-10-01/container-configs/container-functions-linux.config.yml b/server/src/workflows/2022-10-01/container-configs/container-functions-linux.config.yml
index 3464bb8ef3..2b2abbd080 100644
--- a/server/src/workflows/2022-10-01/container-configs/container-functions-linux.config.yml
+++ b/server/src/workflows/2022-10-01/container-configs/container-functions-linux.config.yml
@@ -12,6 +12,9 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read #This is required for actions/checkout
+
     steps:
       - uses: actions/checkout@v4
 
diff --git a/server/src/workflows/2022-10-01/container-configs/container-webapp-linux.config.yml b/server/src/workflows/2022-10-01/container-configs/container-webapp-linux.config.yml
index 8b34d5c4f3..a8fae241cf 100644
--- a/server/src/workflows/2022-10-01/container-configs/container-webapp-linux.config.yml
+++ b/server/src/workflows/2022-10-01/container-configs/container-webapp-linux.config.yml
@@ -12,6 +12,9 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read #This is required for actions/checkout
+
     steps:
       - uses: actions/checkout@v4
 
diff --git a/server/src/workflows/2022-10-01/function-app-configs/node-linux.config.yml b/server/src/workflows/2022-10-01/function-app-configs/node-linux.config.yml
index 4d79ad3dca..2aee9228d2 100644
--- a/server/src/workflows/2022-10-01/function-app-configs/node-linux.config.yml
+++ b/server/src/workflows/2022-10-01/function-app-configs/node-linux.config.yml
@@ -16,6 +16,9 @@ env:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read #This is required for actions/checkout
+
     steps:
       - name: 'Checkout GitHub Action'
         uses: actions/checkout@v4
diff --git a/server/src/workflows/2022-10-01/function-app-configs/node-windows.config.yml b/server/src/workflows/2022-10-01/function-app-configs/node-windows.config.yml
index abe68e8e2c..09d17ead5f 100644
--- a/server/src/workflows/2022-10-01/function-app-configs/node-windows.config.yml
+++ b/server/src/workflows/2022-10-01/function-app-configs/node-windows.config.yml
@@ -16,6 +16,9 @@ env:
 jobs:
   build:
     runs-on: windows-latest
+    permissions:
+      contents: read #This is required for actions/checkout
+      
     steps:
       - name: 'Checkout GitHub Action'
         uses: actions/checkout@v4
diff --git a/server/src/workflows/2022-10-01/function-app-configs/python-linux.config.yml b/server/src/workflows/2022-10-01/function-app-configs/python-linux.config.yml
index a40b3d0cb7..30d243e6a3 100644
--- a/server/src/workflows/2022-10-01/function-app-configs/python-linux.config.yml
+++ b/server/src/workflows/2022-10-01/function-app-configs/python-linux.config.yml
@@ -17,6 +17,9 @@ env:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read #This is required for actions/checkout
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
diff --git a/server/src/workflows/2022-10-01/web-app-configs/aspnet-windows.config.yml b/server/src/workflows/2022-10-01/web-app-configs/aspnet-windows.config.yml
index b3f0bdce8b..1629a25f27 100644
--- a/server/src/workflows/2022-10-01/web-app-configs/aspnet-windows.config.yml
+++ b/server/src/workflows/2022-10-01/web-app-configs/aspnet-windows.config.yml
@@ -12,6 +12,8 @@ on:
 jobs:
   build:
     runs-on: windows-latest
+    permissions:
+      contents: read #This is required for actions/checkout
 
     steps:
       - uses: actions/checkout@v4
diff --git a/server/src/workflows/2022-10-01/web-app-configs/dotnetcore-linux.config.yml b/server/src/workflows/2022-10-01/web-app-configs/dotnetcore-linux.config.yml
index da8789caf6..274b33f3cd 100644
--- a/server/src/workflows/2022-10-01/web-app-configs/dotnetcore-linux.config.yml
+++ b/server/src/workflows/2022-10-01/web-app-configs/dotnetcore-linux.config.yml
@@ -12,6 +12,8 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read #This is required for actions/checkout
 
     steps:
       - uses: actions/checkout@v4
diff --git a/server/src/workflows/2022-10-01/web-app-configs/dotnetcore-windows.config.yml b/server/src/workflows/2022-10-01/web-app-configs/dotnetcore-windows.config.yml
index 59d87301e6..abece3f376 100644
--- a/server/src/workflows/2022-10-01/web-app-configs/dotnetcore-windows.config.yml
+++ b/server/src/workflows/2022-10-01/web-app-configs/dotnetcore-windows.config.yml
@@ -12,6 +12,8 @@ on:
 jobs:
   build:
     runs-on: windows-latest
+    permissions:
+      contents: read #This is required for actions/checkout
 
     steps:
       - uses: actions/checkout@v4
diff --git a/server/src/workflows/2022-10-01/web-app-configs/java-jar-linux.config.yml b/server/src/workflows/2022-10-01/web-app-configs/java-jar-linux.config.yml
index 1c8396443c..9eefcb0810 100644
--- a/server/src/workflows/2022-10-01/web-app-configs/java-jar-linux.config.yml
+++ b/server/src/workflows/2022-10-01/web-app-configs/java-jar-linux.config.yml
@@ -12,6 +12,8 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read #This is required for actions/checkout
 
     steps:
       - uses: actions/checkout@v4
diff --git a/server/src/workflows/2022-10-01/web-app-configs/java-jar-windows.config.yml b/server/src/workflows/2022-10-01/web-app-configs/java-jar-windows.config.yml
index de8b4139c0..400692602a 100644
--- a/server/src/workflows/2022-10-01/web-app-configs/java-jar-windows.config.yml
+++ b/server/src/workflows/2022-10-01/web-app-configs/java-jar-windows.config.yml
@@ -12,6 +12,8 @@ on:
 jobs:
   build:
     runs-on: windows-latest
+    permissions:
+      contents: read #This is required for actions/checkout
 
     steps:
       - uses: actions/checkout@v4
diff --git a/server/src/workflows/2022-10-01/web-app-configs/java-war-linux.config.yml b/server/src/workflows/2022-10-01/web-app-configs/java-war-linux.config.yml
index 1c5e50e7e4..40be7a13e4 100644
--- a/server/src/workflows/2022-10-01/web-app-configs/java-war-linux.config.yml
+++ b/server/src/workflows/2022-10-01/web-app-configs/java-war-linux.config.yml
@@ -12,6 +12,8 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read #This is required for actions/checkout
 
     steps:
       - uses: actions/checkout@v4
diff --git a/server/src/workflows/2022-10-01/web-app-configs/java-war-windows.config.yml b/server/src/workflows/2022-10-01/web-app-configs/java-war-windows.config.yml
index e214b368bd..8085f219bd 100644
--- a/server/src/workflows/2022-10-01/web-app-configs/java-war-windows.config.yml
+++ b/server/src/workflows/2022-10-01/web-app-configs/java-war-windows.config.yml
@@ -12,6 +12,8 @@ on:
 jobs:
   build:
     runs-on: windows-latest
+    permissions:
+      contents: read #This is required for actions/checkout
 
     steps:
       - uses: actions/checkout@v4
diff --git a/server/src/workflows/2022-10-01/web-app-configs/node-linux-oryx.config.yml b/server/src/workflows/2022-10-01/web-app-configs/node-linux-oryx.config.yml
index 87f9707952..e3e007cb02 100644
--- a/server/src/workflows/2022-10-01/web-app-configs/node-linux-oryx.config.yml
+++ b/server/src/workflows/2022-10-01/web-app-configs/node-linux-oryx.config.yml
@@ -12,6 +12,8 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read #This is required for actions/checkout
 
     steps:
       - uses: actions/checkout@v4
diff --git a/server/src/workflows/2022-10-01/web-app-configs/node-linux.config.yml b/server/src/workflows/2022-10-01/web-app-configs/node-linux.config.yml
index 459e3926d3..64fc1c1140 100644
--- a/server/src/workflows/2022-10-01/web-app-configs/node-linux.config.yml
+++ b/server/src/workflows/2022-10-01/web-app-configs/node-linux.config.yml
@@ -12,6 +12,8 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read #This is required for actions/checkout
 
     steps:
       - uses: actions/checkout@v4
diff --git a/server/src/workflows/2022-10-01/web-app-configs/node-windows.config.yml b/server/src/workflows/2022-10-01/web-app-configs/node-windows.config.yml
index c9f822a00f..37ea6a9bdc 100644
--- a/server/src/workflows/2022-10-01/web-app-configs/node-windows.config.yml
+++ b/server/src/workflows/2022-10-01/web-app-configs/node-windows.config.yml
@@ -12,6 +12,8 @@ on:
 jobs:
   build:
     runs-on: windows-latest
+    permissions:
+      contents: read #This is required for actions/checkout
 
     steps:
       - uses: actions/checkout@v4
diff --git a/server/src/workflows/2022-10-01/web-app-configs/php-linux.config.yml b/server/src/workflows/2022-10-01/web-app-configs/php-linux.config.yml
index 4b77800f13..9b63beb5c4 100644
--- a/server/src/workflows/2022-10-01/web-app-configs/php-linux.config.yml
+++ b/server/src/workflows/2022-10-01/web-app-configs/php-linux.config.yml
@@ -12,6 +12,8 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read #This is required for actions/checkout
 
     steps:
       - uses: actions/checkout@v4
diff --git a/server/src/workflows/2022-10-01/web-app-configs/php-windows.config.yml b/server/src/workflows/2022-10-01/web-app-configs/php-windows.config.yml
index 6cbf23a67c..1cad0d5936 100644
--- a/server/src/workflows/2022-10-01/web-app-configs/php-windows.config.yml
+++ b/server/src/workflows/2022-10-01/web-app-configs/php-windows.config.yml
@@ -12,7 +12,9 @@ on:
 jobs:
   build:
     runs-on: windows-latest
-
+    permissions:
+      contents: read #This is required for actions/checkout
+      
     steps:
       - uses: actions/checkout@v4
 
diff --git a/server/src/workflows/2022-10-01/web-app-configs/python-linux.config.yml b/server/src/workflows/2022-10-01/web-app-configs/python-linux.config.yml
index 3c84cb6da1..28c9f6a790 100644
--- a/server/src/workflows/2022-10-01/web-app-configs/python-linux.config.yml
+++ b/server/src/workflows/2022-10-01/web-app-configs/python-linux.config.yml
@@ -13,6 +13,8 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read #This is required for actions/checkout
 
     steps:
       - uses: actions/checkout@v4
diff --git a/server/src/workflows/2022-10-01/web-app-configs/wordpress-linux.config.yml b/server/src/workflows/2022-10-01/web-app-configs/wordpress-linux.config.yml
index ca17a94133..05414d3d10 100644
--- a/server/src/workflows/2022-10-01/web-app-configs/wordpress-linux.config.yml
+++ b/server/src/workflows/2022-10-01/web-app-configs/wordpress-linux.config.yml
@@ -11,6 +11,8 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      contents: read #This is required for actions/checkout
 
     steps:
       - uses: actions/checkout@v4