diff --git a/.github/workflows/check-size.yml b/.github/workflows/check-size.yml
index 44fb5324e..6bbd24925 100644
--- a/.github/workflows/check-size.yml
+++ b/.github/workflows/check-size.yml
@@ -6,6 +6,9 @@ on:
   pull_request:
     branches: [main, release-*]
 
+permissions:  
+  contents: read
+
 env:
   GO_VERSION: '1.21'
 
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 9ddcce1ae..96365eb1e 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -10,11 +10,17 @@ on:
   schedule:
     - cron: '0 4 * * *'
 
+permissions:  
+  contents: read
+
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
 
+    permissions:
+      security-events: write
+
     strategy:
       fail-fast: false
       matrix:
diff --git a/.github/workflows/compatibility-e2e-v1.yml b/.github/workflows/compatibility-e2e-v1.yml
index 67f497ea5..350f2e210 100644
--- a/.github/workflows/compatibility-e2e-v1.yml
+++ b/.github/workflows/compatibility-e2e-v1.yml
@@ -10,6 +10,9 @@ on:
   schedule:
     - cron: '0 4 * * *'
 
+permissions:  
+  contents: read
+
 env:
   KIND_VERSION: v0.12.0
   CONTAINERD_VERSION: v1.5.2
diff --git a/.github/workflows/compatibility-e2e-v2.yml b/.github/workflows/compatibility-e2e-v2.yml
index ed7b0de02..1b88b98fe 100644
--- a/.github/workflows/compatibility-e2e-v2.yml
+++ b/.github/workflows/compatibility-e2e-v2.yml
@@ -10,6 +10,9 @@ on:
   schedule:
     - cron: '0 4 * * *'
 
+permissions:  
+  contents: read
+
 env:
   KIND_VERSION: v0.12.0
   CONTAINERD_VERSION: v1.5.2
diff --git a/.github/workflows/cr.yml b/.github/workflows/cr.yml
deleted file mode 100644
index d38b00672..000000000
--- a/.github/workflows/cr.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-name: Code Review
-
-permissions:
-  contents: read
-  pull-requests: write
-
-on:
-  pull_request:
-    types: [opened, reopened, synchronize]
-    branches:
-      - 'code-review'
-
-jobs:
-  chatgpt_code_review:
-    runs-on: ubuntu-latest
-    steps:
-      - name: ChatGPT Code Review
-        uses: anc95/ChatGPT-CodeReview@main
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
-          LANGUAGE: English
-          top_p: 1
-          temperature: 1
diff --git a/.github/workflows/e2e-v1.yml b/.github/workflows/e2e-v1.yml
index 9a3f73a6e..f5dfb58b2 100644
--- a/.github/workflows/e2e-v1.yml
+++ b/.github/workflows/e2e-v1.yml
@@ -10,6 +10,9 @@ on:
   schedule:
     - cron: '0 4 * * *'
 
+permissions:  
+  contents: read
+
 env:
   KIND_VERSION: v0.12.0
   CONTAINERD_VERSION: v1.5.2
diff --git a/.github/workflows/e2e-v2-nydus.yml b/.github/workflows/e2e-v2-nydus.yml
index 9480229dc..2fcd86c02 100644
--- a/.github/workflows/e2e-v2-nydus.yml
+++ b/.github/workflows/e2e-v2-nydus.yml
@@ -10,6 +10,9 @@ on:
   schedule:
     - cron: '0 4 * * *'
 
+permissions:  
+  contents: read
+
 env:
   GO_VERSION: '1.21'
   KIND_VERSION: v0.12.0
diff --git a/.github/workflows/e2e-v2.yml b/.github/workflows/e2e-v2.yml
index 173ae8dcc..85f4d8084 100644
--- a/.github/workflows/e2e-v2.yml
+++ b/.github/workflows/e2e-v2.yml
@@ -10,6 +10,9 @@ on:
   schedule:
     - cron: '0 4 * * *'
 
+permissions:  
+  contents: read
+
 env:
   KIND_VERSION: v0.12.0
   CONTAINERD_VERSION: v1.5.2