diff --git a/.github/workflows/default.yml b/.github/workflows/default.yml
index d77cd901..fe352178 100644
--- a/.github/workflows/default.yml
+++ b/.github/workflows/default.yml
@@ -4,6 +4,6 @@ on:
 name: Issue and PR hygiene
 jobs:
   stale:
-    uses: krakendio/.github/.github/workflows/stale.yml@main
+    uses: krakend/.github/.github/workflows/stale.yml@main
   lock-threads:
-    uses: krakendio/.github/.github/workflows/lock-threads.yml@main
+    uses: krakend/.github/.github/workflows/lock-threads.yml@main
diff --git a/.github/workflows/labels.yml b/.github/workflows/labels.yml
index 96d8772e..42134a2f 100644
--- a/.github/workflows/labels.yml
+++ b/.github/workflows/labels.yml
@@ -6,4 +6,7 @@ on:
     types: [labeled, unlabeled]
 jobs:
   stale:
-    uses: krakendio/.github/.github/workflows/label-commenter.yml@main
+    uses: krakend/.github/.github/workflows/label-commenter.yml@main
+    permissions:
+      issues: write
+      pull-requests: write
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 038d8cf2..13825e8f 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -16,10 +16,15 @@ jobs:
   security-repo-scan:
     name: security-repo-scan
     runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      actions: read
+      contents: read
+
     steps:
-      - name: Checkout 
+      - name: Checkout
         uses: actions/checkout@v3
-      
+
       - name: Run Trivy vulnerability scanner in repo mode
         uses: aquasecurity/trivy-action@master
         with:
@@ -46,7 +51,7 @@ jobs:
             dockerfile: Dockerfile
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout 
+      - name: Checkout
         uses: actions/checkout@v3
 
       - name: Set the environment variables