diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 14fc3a40e..21a90a37f 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,11 +1,10 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://help.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
 version: 2
 updates:
-  - package-ecosystem: "gradle" # See documentation for possible values
-    directory: "/" # Location of package manifests
+  - package-ecosystem: "gradle"
+    directory: "/"
     schedule:
       interval: "daily"
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
diff --git a/.github/workflows/android.yml b/.github/workflows/android.yml
index 567207817..d5dd27d26 100644
--- a/.github/workflows/android.yml
+++ b/.github/workflows/android.yml
@@ -9,6 +9,20 @@ on:
   pull_request:
     branches:
       - main
+permissions:
+  actions: none
+  checks: none
+  contents: read
+  deployments: none
+  discussions: none
+  id-token: none
+  issues: none
+  packages: none
+  pages: none
+  pull-requests: none
+  repository-projects: none
+  security-events: none
+  statuses: none
 env:
   JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64
 jobs:
diff --git a/.github/workflows/changelog-to-fastlane.yml b/.github/workflows/changelog-to-fastlane.yml
index 3d0f3d5f2..44ec4e9e3 100644
--- a/.github/workflows/changelog-to-fastlane.yml
+++ b/.github/workflows/changelog-to-fastlane.yml
@@ -6,6 +6,20 @@ on:
       - main
     paths:
       - 'CHANGELOG.md'
+permissions:
+  actions: none
+  checks: none
+  contents: read
+  deployments: none
+  discussions: none
+  id-token: none
+  issues: none
+  packages: none
+  pages: none
+  pull-requests: write
+  repository-projects: none
+  security-events: none
+  statuses: none
 jobs:
   convert_changelog_to_fastlane:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/contributors-to-file.yml b/.github/workflows/contributors-to-file.yml
index 9331f79a6..1c046a819 100644
--- a/.github/workflows/contributors-to-file.yml
+++ b/.github/workflows/contributors-to-file.yml
@@ -3,7 +3,20 @@ on:
   workflow_dispatch:
   schedule:
     - cron: '3 4 * * 0'
-
+permissions:
+  actions: none
+  checks: none
+  contents: write
+  deployments: none
+  discussions: none
+  id-token: none
+  issues: none
+  packages: none
+  pages: none
+  pull-requests: write
+  repository-projects: none
+  security-events: none
+  statuses: none
 jobs:
   contributors_to_file:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/generate-feature-graphic.yml b/.github/workflows/generate-feature-graphic.yml
index 7a654591f..cdac24d02 100644
--- a/.github/workflows/generate-feature-graphic.yml
+++ b/.github/workflows/generate-feature-graphic.yml
@@ -6,6 +6,20 @@ on:
       - main
     paths:
       - 'fastlane/**/title.txt'
+permissions:
+  actions: none
+  checks: none
+  contents: write
+  deployments: none
+  discussions: none
+  id-token: none
+  issues: none
+  packages: none
+  pages: none
+  pull-requests: write
+  repository-projects: none
+  security-events: none
+  statuses: none
 jobs:
   generate-feature-graphic:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/update-locales.yml b/.github/workflows/update-locales.yml
index 280db4801..44078fbc1 100644
--- a/.github/workflows/update-locales.yml
+++ b/.github/workflows/update-locales.yml
@@ -6,6 +6,20 @@ on:
       - main
     paths:
       - app/src/main/res/values/settings.xml
+permissions:
+  actions: none
+  checks: none
+  contents: write
+  deployments: none
+  discussions: none
+  id-token: none
+  issues: none
+  packages: none
+  pages: none
+  pull-requests: write
+  repository-projects: none
+  security-events: none
+  statuses: none
 jobs:
   update-locales:
     runs-on: ubuntu-latest