diff --git a/.github/workflows/amazon-inspector-image-scan.yml b/.github/workflows/amazon-inspector-image-scan.yml
index adabc6c..45ee976 100644
--- a/.github/workflows/amazon-inspector-image-scan.yml
+++ b/.github/workflows/amazon-inspector-image-scan.yml
@@ -22,6 +22,8 @@ on:
         required: false
         type: string
         default: "https://inspector-scan.us-east-1.amazonaws.com"
+permissions:
+  id-token: write
 jobs:
   build:
     runs-on: ubuntu-latest