diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index fada4d3c85..04dd79c678 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -247,6 +247,8 @@ jobs:
       issues: read
       pull-requests: read
       id-token: write
+      attestations: write
+      artifact-metadata: write
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-macos
     with:
@@ -267,6 +269,8 @@ jobs:
       issues: read
       pull-requests: read
       id-token: write
+      attestations: write
+      artifact-metadata: write
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-macos
     with:
@@ -287,6 +291,8 @@ jobs:
       issues: read
       pull-requests: read
       id-token: write
+      attestations: write
+      artifact-metadata: write      
     uses: ./.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml
     needs: checkout-linux
     if: ${{ needs.setup.outputs.src == 'true' }}
@@ -311,6 +317,8 @@ jobs:
       issues: read
       pull-requests: read
       id-token: write
+      attestations: write
+      artifact-metadata: write      
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-linux
     if: ${{ needs.setup.outputs.src == 'true' }}
@@ -334,6 +342,8 @@ jobs:
       issues: read
       pull-requests: read
       id-token: write
+      attestations: write
+      artifact-metadata: write      
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-linux
     if: ${{ needs.setup.outputs.src == 'true' }}
@@ -356,6 +366,8 @@ jobs:
       issues: read
       pull-requests: read
       id-token: write
+      attestations: write
+      artifact-metadata: write      
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-linux
     if: ${{ needs.setup.outputs.src == 'true' }}
@@ -378,6 +390,8 @@ jobs:
       issues: read
       pull-requests: read
       id-token: write
+      attestations: write
+      artifact-metadata: write      
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-windows
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
@@ -398,6 +412,8 @@ jobs:
       issues: read
       pull-requests: read
       id-token: write
+      attestations: write
+      artifact-metadata: write      
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-windows
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
@@ -418,6 +434,8 @@ jobs:
       issues: read
       pull-requests: read
       id-token: write
+      attestations: write
+      artifact-metadata: write      
     uses: ./.github/workflows/pipeline-electron-build-and-test.yml
     needs: checkout-windows
     if: ${{ needs.setup.outputs.src == 'true' && !inputs.skip-windows }}
diff --git a/.github/workflows/pipeline-electron-build-and-test-and-nan.yml b/.github/workflows/pipeline-electron-build-and-test-and-nan.yml
index 182d6f8e87..e4cad970de 100644
--- a/.github/workflows/pipeline-electron-build-and-test-and-nan.yml
+++ b/.github/workflows/pipeline-electron-build-and-test-and-nan.yml
@@ -67,6 +67,8 @@ jobs:
     permissions:
       contents: read
       id-token: write
+      attestations: write
+      artifact-metadata: write
     with:
       build-runs-on: ${{ inputs.build-runs-on }}
       build-container: ${{ inputs.build-container }}
diff --git a/.github/workflows/pipeline-electron-build-and-test.yml b/.github/workflows/pipeline-electron-build-and-test.yml
index 735e314633..5a4019165f 100644
--- a/.github/workflows/pipeline-electron-build-and-test.yml
+++ b/.github/workflows/pipeline-electron-build-and-test.yml
@@ -72,6 +72,8 @@ jobs:
     permissions:
       contents: read
       id-token: write
+      attestations: write
+      artifact-metadata: write      
     with:
       build-runs-on: ${{ inputs.build-runs-on }}
       build-container: ${{ inputs.build-container }}
diff --git a/.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml b/.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml
index 93b3233fe2..dadeeb5e87 100644
--- a/.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml
+++ b/.github/workflows/pipeline-electron-build-and-tidy-and-test-and-nan.yml
@@ -76,6 +76,8 @@ jobs:
     permissions:
       contents: read
       id-token: write
+      attestations: write
+      artifact-metadata: write      
     with:
       build-runs-on: ${{ inputs.build-runs-on }}
       build-container: ${{ inputs.build-container }}
diff --git a/.github/workflows/pipeline-electron-build-and-tidy-and-test.yml b/.github/workflows/pipeline-electron-build-and-tidy-and-test.yml
index 38433308c3..bedcc1c185 100644
--- a/.github/workflows/pipeline-electron-build-and-tidy-and-test.yml
+++ b/.github/workflows/pipeline-electron-build-and-tidy-and-test.yml
@@ -81,6 +81,8 @@ jobs:
     permissions:
       contents: read
       id-token: write
+      attestations: write
+      artifact-metadata: write      
     with:
       build-runs-on: ${{ inputs.build-runs-on }}
       build-container: ${{ inputs.build-container }}
diff --git a/.github/workflows/pipeline-segment-electron-build.yml b/.github/workflows/pipeline-segment-electron-build.yml
index a65621dca4..a8f258de64 100644
--- a/.github/workflows/pipeline-segment-electron-build.yml
+++ b/.github/workflows/pipeline-segment-electron-build.yml
@@ -91,6 +91,8 @@ jobs:
     permissions:
       contents: read
       id-token: write
+      attestations: write
+      artifact-metadata: write      
     container: ${{ fromJSON(inputs.build-container) }}
     environment: ${{ inputs.environment }}
     env: