diff --git a/.github/workflows/docker-build-push-dockerhub.yaml b/.github/workflows/docker-build-push-dockerhub.yaml
index e1bed3a..51940e6 100644
--- a/.github/workflows/docker-build-push-dockerhub.yaml
+++ b/.github/workflows/docker-build-push-dockerhub.yaml
@@ -115,6 +115,7 @@ on:
 permissions:
   id-token: write
   attestations: write
+  artifact-metadata: write
   contents: read
 
 jobs:
diff --git a/.github/workflows/docker-build-push-jfrog.yaml b/.github/workflows/docker-build-push-jfrog.yaml
index cf9392c..30ebd52 100644
--- a/.github/workflows/docker-build-push-jfrog.yaml
+++ b/.github/workflows/docker-build-push-jfrog.yaml
@@ -119,6 +119,7 @@ on:
 permissions:
   id-token: write
   attestations: write
+  artifact-metadata: write
   contents: read
 
 jobs:
diff --git a/.github/workflows/docker-promote-dockerhub.yaml b/.github/workflows/docker-promote-dockerhub.yaml
index b9693bf..26f7657 100644
--- a/.github/workflows/docker-promote-dockerhub.yaml
+++ b/.github/workflows/docker-promote-dockerhub.yaml
@@ -33,6 +33,12 @@ on:
         description: "Docker Hub password"
         required: true
 
+permissions:
+  id-token: write
+  attestations: write
+  artifact-metadata: write
+  contents: read
+
 jobs:
   promote:
     name: Promote Docker image
diff --git a/.github/workflows/docker-promote-jfrog.yaml b/.github/workflows/docker-promote-jfrog.yaml
index a1708a1..c094fb0 100644
--- a/.github/workflows/docker-promote-jfrog.yaml
+++ b/.github/workflows/docker-promote-jfrog.yaml
@@ -40,6 +40,12 @@ on:
         required: false
         default: false
 
+permissions:
+  id-token: write
+  attestations: write
+  artifact-metadata: write
+  contents: read
+
 jobs:
   promote:
     name: Promote Docker image