diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 6fca9b0..fccddf2 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -1,7 +1,7 @@
 ---
 name: test
 on: [push, pull_request]
-
+permissions: {}
 jobs:
   docker:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
index c09cf12..5c7ec52 100644
--- a/.github/workflows/zizmor.yml
+++ b/.github/workflows/zizmor.yml
@@ -27,6 +27,6 @@ jobs:
           enable-cache: false
 
       - name: Run zizmor
-        run: uvx zizmor --format plain .
+        run: uvx zizmor@1.2.2 --format plain .
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}