diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml
index 09ba7e7..3458e80 100644
--- a/.github/workflows/build-and-test.yaml
+++ b/.github/workflows/build-and-test.yaml
@@ -216,7 +216,7 @@ jobs:
     needs: deploy
     permissions:
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+      contents: write # for sbom-action artifact uploads
     runs-on: ubuntu-latest
     steps:
       -