diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index e39c88b..812dd50 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,6 +1,3 @@
-# Basic dependabot.yml file with
-# minimum configuration for two package managers
-
 version: 2
 updates:
 # Enable version updates for cargo
@@ -9,26 +6,6 @@ updates:
 schedule:
 interval: "daily"
- - package-ecosystem: "cargo"
- directory: "/rpxy-bin"
- schedule:
- interval: "daily"
-
- - package-ecosystem: "cargo"
- directory: "/rpxy-lib"
- schedule:
- interval: "daily"
-
- - package-ecosystem: "cargo"
- directory: "/rpxy-certs"
- schedule:
- interval: "daily"
-
- - package-ecosystem: "cargo"
- directory: "/rpxy-acme"
- schedule:
- interval: "daily"
-
 # Enable version updates for Docker
 - package-ecosystem: "docker"
 directory: "/docker"
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index d9c9478..ec06f55 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,6 +5,9 @@ on:
 pull_request:
 types: [synchronize, opened]
+permissions:
+ contents: read
+
 env:
 CARGO_TERM_COLOR: always
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 8c0dca6..d2d0517 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -14,6 +14,10 @@ on:
 jobs:
 on-success:
+ permissions:
+ contents: read
+ packages: read
+
 runs-on: ubuntu-latest
 if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }} || ${{ github.event_name == 'repositry_dispatch' }}
 strategy:
@@ -98,12 +102,18 @@ jobs:
 path: "/tmp/${{ steps.set-env.outputs.target_name }}"
 on-failure:
+ permissions:
+ contents: read
+
 runs-on: ubuntu-latest
 if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'failure' }}
 steps:
 - run: echo 'The release triggering workflows failed'
 release:
+ permissions:
+ contents: write
+
 runs-on: ubuntu-latest
 if: ${{ github.event_name == 'repository_dispatch' }}
 needs: on-success
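Review bot: After the second dependabot.yml hunk only one cargo entry remains, and whether it still covers rpxy-bin, rpxy-lib, rpxy-certs and rpxy-acme depends on that entry's `directory` value, which sits above the hunk and is not visible here. As far as I know Dependabot's cargo updater only follows workspace members when the entry points at the workspace root manifest, so if the surviving entry targets any other directory the four removed crates silently lose dependency-update coverage. I'd confirm the remaining entry reads `directory: "/"` and that the four crates are declared as workspace members in that root Cargo.toml; if they are not, keep per-crate entries instead. The enclosing `updates:` sequence starts above this hunk.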
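Review bot: The new `permissions` block on `on-success` in release.yml is scoped sensibly, but the `if:` condition two lines below it (unchanged by this commit) compares `github.event_name` against `'repositry_dispatch'`, a misspelling of the event that the `release` job in the next hunk spells correctly as `'repository_dispatch'`, so that clause can never match. Since the commit already touches this job, fixing it here is cheap: `if: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' }} || ${{ github.event_name == 'repository_dispatch' }}`. Separately, putting `||` between two `${{ }}` blocks instead of inside one means the two expressions are substituted independently and the condition may not behave as a single boolean; writing the whole condition inside one `${{ }}` avoids the ambiguity. The on-success job's steps continue outside the hunk.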
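Review bot: In the second release.yml hunk `on-failure` is granted `contents: read` although its only step is an `echo`; a job with no checkout and no API calls can drop the token entirely with `permissions: {}`, which is the tighter least-privilege choice and stops the grant being inherited by steps added later. The `release` job's `contents: write` is the scope needed to publish a release, so that part looks right; its steps are outside the hunk, so I cannot confirm it needs nothing more.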
diff --git a/.github/workflows/release_docker.yml b/.github/workflows/release_docker.yml
index 9ebc053..57fe7fd 100644
--- a/.github/workflows/release_docker.yml
+++ b/.github/workflows/release_docker.yml
@@ -16,6 +16,10 @@ env:
 jobs:
 build_and_push:
+ permissions:
+ contents: read
+ packages: write
+
 runs-on: ubuntu-22.04
 if: ${{ github.event_name == 'push' }} || ${{ github.event_name == 'pull_request' && github.event.pull_request.merged == true }}
 strategy:
@@ -199,6 +203,10 @@ jobs:
 labels: ${{ steps.meta.outputs.labels }}
 dispatch_release_event:
+ permissions:
+ contents: write
+ actions: write
+
 runs-on: ubuntu-latest
 if: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.ref == 'develop' && github.event.pull_request.base.ref == 'main' && github.event.pull_request.merged == true }}
 needs: build_and_push
diff --git a/.github/workflows/shift_left.yml b/.github/workflows/shift_left.yml
index 48e0c18..c8a4fa4 100644
--- a/.github/workflows/shift_left.yml
+++ b/.github/workflows/shift_left.yml
@@ -7,6 +7,8 @@ on:
 jobs:
 Scan-Build:
+ permissions:
+ contents: read
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v4
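Review bot: In the second release_docker.yml hunk `dispatch_release_event` receives both `contents: write` and `actions: write`, but sending a `repository_dispatch` event (which the job name and the `repository_dispatch` trigger in release.yml suggest is what it does) needs only `contents: write`; `actions: write` is the scope for `workflow_dispatch` and for cancelling or re-running workflow runs. The job's steps are outside this hunk, so if none of them calls the Actions API the block can shrink to `permissions:` followed by `contents: write` alone. The `contents: read` plus `packages: write` pair on `build_and_push` in the first hunk looks like the minimum for a checkout-and-push-to-registry job, so no change there.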
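Review bot: The `contents: read` grant on `Scan-Build` in shift_left.yml is enough for the `actions/checkout@v4` step shown, but a scan job that uploads findings to code scanning (for example through `github/codeql-action/upload-sarif`) also needs `security-events: write`, and with a job-level `permissions` block every unlisted scope is now denied, so such an upload would fail with a 403 rather than fall back to the default token. The remaining steps are outside the hunk, so please check them and add `security-events: write` under `permissions:` if any step publishes SARIF. Minor style point: the other four workflows in this commit leave a blank line after the new block and this one does not.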