diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
index ddbb926c07057..869a89acd2d07 100644
--- a/.github/workflows/vulnerability-scan.yml
+++ b/.github/workflows/vulnerability-scan.yml
@@ -3,15 +3,13 @@ on: pull_request
 
 permissions:
   pull-requests: write
-  contents: write
+  issues: write
 
 jobs:
   snyk:
     name: Snyk Scan
     runs-on: ubuntu-latest
-    permissions:
-      issues: write
-      pull-requests: write
+    if: ${{ !github.event.pull_request.head.repo.fork }}
     steps:
       - name: Checkout code
         uses: actions/checkout@master
@@ -50,9 +48,7 @@ jobs:
   trivy:
     name: Trivy Scan
     runs-on: ubuntu-20.04
-    permissions:
-      issues: write
-      pull-requests: write
+    if: ${{ !github.event.pull_request.head.repo.fork }}
     steps:
       - name: Checkout code
         uses: actions/checkout@v3