diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index a1382af..b80fb9e 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -7,7 +7,7 @@ on:
 jobs:
   scan:
     permissions:
-      contents: read
+      contents: write
       security-events: write # allow github/codeql-action/upload-sarif
     name: Scan for Security Vulnerabilities
     runs-on: ubuntu-18.04