diff --git a/.github/workflows/build-static-tests.yaml b/.github/workflows/build-static-tests.yaml
index 52c870c..372d1ba 100644
--- a/.github/workflows/build-static-tests.yaml
+++ b/.github/workflows/build-static-tests.yaml
@@ -4,5 +4,15 @@ on:
 jobs:
   static:
     uses: nolte/gh-plumbing/.github/workflows/reuseable-pre-commit.yaml@v1.0.24
+
   security:
     uses: nolte/gh-plumbing/.github/workflows/reuseable-trivy.yaml@v1.0.24
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+
+  chain-bench:
+    uses: nolte/gh-plumbing/.github/workflows/reuseable-chain-bench.yaml@v1.0.24
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file