diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index c320277..60776eb 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -6,6 +6,10 @@ name: build
 on:
 workflow_dispatch:
+permissions:
+ id-token: write
+ contents: read
+
 jobs:
 test3d:
 uses: equinor/warmth/.github/workflows/python-test-3d.yml@main
@@ -19,6 +23,8 @@ jobs:
 action_type: ${{ github.event.action}}
 snyk:
 uses: equinor/warmth/.github/workflows/snyk.yml@main
+ secrets:
+ SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
 docs:
 uses: equinor/warmth/.github/workflows/docs.yml@main
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index 27512ac..3acf177 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -3,6 +3,9 @@ on:
 push:
 branches: [main, dev]
 workflow_call:
+ secrets:
+ SNYK_TOKEN:
+ required: true
 jobs:
 security:
 runs-on: ubuntu-latest
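Review bot: In the first hunk of publish.yml, `id-token: write` is granted at workflow level, so every job in the file, including the called `test3d`, `snyk` and `docs` workflows, can request an OIDC token for this repository. Only the job that exchanges the token needs it; that job is presumably the publish step, which is outside the hunk. Keep `permissions:` with `contents: read` at the top and put `id-token: write` in a `permissions:` block on that one job, so the test and scan jobs, which run third-party tooling, cannot mint a token. The top-level block also caps what called workflows may request, so confirm that `docs` does not need `contents: write` or `pages: write`.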
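Review bot: In the second hunk of publish.yml, the new `secrets:` mapping under `snyk` passes `SNYK_TOKEN` to a workflow resolved from `@main` rather than from the commit being run. If publish.yml is dispatched from a branch where snyk.yml differs from main, the caller and callee can disagree on the declared secrets, and the token goes to whatever main contains at that moment. The path suggests the called file lives in this same repository, so `uses: ./.github/workflows/snyk.yml` would pin the callee to the caller's commit. Passing the one named secret explicitly instead of `secrets: inherit` is the right choice and worth keeping.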