diff --git a/docs/getting-started/continuous_integration.md b/docs/getting-started/continuous_integration.md index 1a3fb9e3f..93e399008 100644 --- a/docs/getting-started/continuous_integration.md +++ b/docs/getting-started/continuous_integration.md @@ -69,9 +69,12 @@ cifuzz.yml for an example project: ```yaml name: CIFuzz on: [pull_request] +permissions: {} jobs: Fuzzing: runs-on: ubuntu-latest + permissions: + security-events: write steps: - name: Build Fuzzers id: build @@ -138,9 +141,13 @@ can be used. To use a sanitizer add it to the list of sanitizers in the matrix f {% raw %} name: CIFuzz on: [pull_request] +permissions: {} jobs: Fuzzing: runs-on: ubuntu-latest + # Uncomment this to get results in the GitHub security dashboard. + permissions: + security-events: write strategy: fail-fast: false matrix: @@ -199,6 +206,7 @@ on: - '**.cpp' - '**.cxx' - '**.h' +permissions: {} jobs: Fuzzing: runs-on: ubuntu-latest diff --git a/infra/cifuzz/example_cifuzz.yml b/infra/cifuzz/example_cifuzz.yml index 5f31b381c..67b56813f 100644 --- a/infra/cifuzz/example_cifuzz.yml +++ b/infra/cifuzz/example_cifuzz.yml @@ -1,8 +1,11 @@ name: CIFuzz on: [pull_request] +permissions: {} jobs: Fuzzing: runs-on: ubuntu-latest + permissions: + security-events: write steps: - name: Build Fuzzers id: build @@ -19,4 +22,12 @@ jobs: if: failure() && steps.build.outcome == 'success' with: name: artifacts - path: ./out/artifacts + path: ./out/artifacts + # Uncomment this to get results in the GitHub security dashboard. + # - name: Upload Sarif + # if: always() && steps.build.outcome == 'success' + # uses: github/codeql-action/upload-sarif@v2 + # with: + # # Path to SARIF file relative to the root of the repository + # sarif_file: cifuzz-sarif/results.sarif + # checkout_path: cifuzz-sarif
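Review bot: In the first hunk of infra/cifuzz/example_cifuzz.yml the job-level `permissions:` / `security-events: write` is active by default, while the only step that needs it, the SARIF upload added at the end of the same file, is commented out. As written, the example gives a job that builds and runs pull-request code a write scope it never uses. Comment the block out as `# permissions:` / `#   security-events: write` and put it under the same "Uncomment this…" instruction, so the top-level `permissions: {}` stays the effective default. The same applies to the first two hunks of docs/getting-started/continuous_integration.md, where no upload step is visible; in the second, the "Uncomment this…" comment sits above lines that are already uncommented. The job's step list continues outside this hunk.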
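Review bot: In the last hunk of infra/cifuzz/example_cifuzz.yml the commented-out upload step references `github/codeql-action/upload-sarif@v2` by a mutable tag, and it is the one step meant to run with the `security-events: write` token. This file is a template that projects copy verbatim, so pin the action to a full commit SHA and keep the tag as a trailing comment: `uses: github/codeql-action/upload-sarif@<full-commit-sha>  # v2`. The instruction comment should also state the dependency on the job permission, for example `# Requires permissions: security-events: write on this job.`, so a reader who enables the step knows which scope it needs and why.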