diff --git a/.github/workflows/_docker-build.yml b/.github/workflows/_docker-build.yml
index 7055c4c32..6b7d48e03 100644
--- a/.github/workflows/_docker-build.yml
+++ b/.github/workflows/_docker-build.yml
@@ -24,8 +24,10 @@ jobs:
 build:
 runs-on: ubuntu-latest
 permissions:
+ id-token: write
 contents: read
 packages: write
+ attestations: write
 outputs:
 tags: ${{ steps.meta.outputs.tags }}
 steps:
diff --git a/.github/workflows/data-cicd.yml b/.github/workflows/data-cicd.yml
index a8835055b..6846aaa2f 100644
--- a/.github/workflows/data-cicd.yml
+++ b/.github/workflows/data-cicd.yml
@@ -44,5 +44,7 @@ jobs:
 context: ./data
 dockerfile: Dockerfile
 permissions:
+ id-token: write
 contents: read
 packages: write
+ attestations: write
diff --git a/.github/workflows/server-cicd.yml b/.github/workflows/server-cicd.yml
index 0f237dc1b..1afe70174 100644
--- a/.github/workflows/server-cicd.yml
+++ b/.github/workflows/server-cicd.yml
@@ -58,5 +58,7 @@ jobs:
 context: ./server
 dockerfile: Dockerfile
 permissions:
+ id-token: write
 contents: read
 packages: write
+ attestations: write
diff --git a/.github/workflows/webclient-cicd.yml b/.github/workflows/webclient-cicd.yml
index b6c64149b..06f683a2f 100644
--- a/.github/workflows/webclient-cicd.yml
+++ b/.github/workflows/webclient-cicd.yml
@@ -34,5 +34,7 @@ jobs:
 context: ./webclient
 dockerfile: Dockerfile
 permissions:
+ id-token: write
 contents: read
 packages: write
+ attestations: write
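Review bot: The two scopes added to the `build` job's `permissions` block in `_docker-build.yml` are undocumented, and `id-token: write` is granted to every step of the job rather than only to the one that signs. Trailing comments would make the intent reviewable, for example `id-token: write  # OIDC token used to sign the build provenance attestation` and `attestations: write  # store the attestation for the pushed image`; that purpose is inferred from the scope names, because the step that consumes them is outside this hunk. Since any action running in this job can now request an OIDC token while also holding `packages: write`, the actions under `steps:` (which continue past the hunk) are worth checking for pinning to full commit SHAs. The same comments fit the matching blocks in data-cicd.yml, server-cicd.yml and webclient-cicd.yml.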
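Review bot: The caller-side grant in data-cicd.yml only takes effect when the triggering event allows a writable token, and the workflow's `on:` triggers are outside this hunk, so it cannot be seen whether this job also runs for pull requests from forks. On such runs GitHub does not grant `id-token: write`, so a signing step in `_docker-build.yml` would fail instead of being skipped; `packages: write` has the same limit, so an existing gate on the image push may already cover it. If fork pull requests do reach this job, the attestation step in the reusable workflow should carry a condition such as `if: github.event_name != 'pull_request'`. The identical blocks in server-cicd.yml and webclient-cicd.yml need the same check.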