diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index c11b8f2803..3971d9a30b 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -16,7 +16,7 @@ permissions: {}
 env:
   FORCE_COLOR: 3
   TERM: xterm
-  ZIZMOR_VERSION: '1.16.3'
+  ZIZMOR_VERSION: '1.18.0'
 
 jobs:
   lint:
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index 936e43ea0a..140306a7ce 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
@@ -7,7 +7,7 @@ on:
     - cron: '0 8 * * MON'
   workflow_dispatch:
 
-permissions: read-all
+permissions: read-all # zizmor: ignore[excessive-permissions] Recommended permissions for OSSF Scorecard
 
 jobs:
   analysis: