diff --git a/knowledge-base/actions/actions/dependency-review-action/action-security.yml b/knowledge-base/actions/actions/dependency-review-action/action-security.yml
new file mode 100644
index 00000000..3b1493c2
--- /dev/null
+++ b/knowledge-base/actions/actions/dependency-review-action/action-security.yml
@@ -0,0 +1,9 @@
+name: 'Dependency Review'
+github-token:
+ action-input:
+ input: repo-token
+ is-default: true
+ permissions:
+ pull-requests: write
+ pull-requests-reason: to post comments on PRs #Checkout: https://github.com/actions/dependency-review-action/blob/e3fb5152be474702523c77d8f5ecd4c0a5bde872/action.yml#L44
+ pull-requests-if: ${{ contains(with, 'comment-summary-in-pr') && with['comment-summary-in-pr'] == 'true' }}
diff --git a/knowledge-base/actions/gabrielbb/xvfb-action/action-security.yml b/knowledge-base/actions/gabrielbb/xvfb-action/action-security.yml
new file mode 100644
index 00000000..c1d9c156
--- /dev/null
+++ b/knowledge-base/actions/gabrielbb/xvfb-action/action-security.yml
@@ -0,0 +1,2 @@
+name: 'gabrielbb/xvfb-action' # GabrielBB/xvfb-action
+# GITHUB_TOKEN not used
diff --git a/knowledge-base/actions/lukka/run-cmake/action-security.yml b/knowledge-base/actions/lukka/run-cmake/action-security.yml
new file mode 100644
index 00000000..b82a5a4d
--- /dev/null
+++ b/knowledge-base/actions/lukka/run-cmake/action-security.yml
@@ -0,0 +1,2 @@
+name: 'run-cmake' # lukka/run-cmake
+# GITHUB_TOKEN not used
diff --git a/knowledge-base/actions/rustcrypto/actions/cargo-cache/action-security.yml b/knowledge-base/actions/rustcrypto/actions/cargo-cache/action-security.yml
new file mode 100644
index 00000000..12df600b
--- /dev/null
+++ b/knowledge-base/actions/rustcrypto/actions/cargo-cache/action-security.yml
@@ -0,0 +1,2 @@
+name: "cargo-cache" # RustCrypto/actions/cargo-cache
+# GITHUB_TOKEN not used
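Review bot: In dependency-review-action/action-security.yml the `permissions` block records only the conditional `pull-requests: write`, so a job that never enables PR comments gets no scope at all from this entry. The action's upstream documentation asks for `contents: read` so the token can fetch the dependency diff; if that holds at the pinned commit, add `contents: read` with a matching `contents-reason:` line. The `pull-requests-if` test matches only the literal `'true'`, so confirm that no other value of `comment-summary-in-pr` turns commenting on, otherwise the write scope will be missing when it is needed. The reason comment is labelled `#Checkout:`, which looks copied from another entry; `#Reference:` would match the run-on-arch-action file.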
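Review bot: The `# GITHUB_TOKEN not used` comment in gabrielbb/xvfb-action/action-security.yml carries no pinned commit or file reference, so a reader cannot tell which version of the action was audited; the lukka/run-cmake and rustcrypto/actions/cargo-cache entries have the same gap. The two entries in this change that grant scopes link to a commit-pinned `action.yml`, and a "no token" claim needs the same evidence, because a later release that starts using the token would leave the entry stale with nothing to show what was checked. A comment such as `# GITHUB_TOKEN not used; checked at <commit-sha-placeholder>` would be enough. The `name:` values are also inconsistent: this file uses the repository path, the other two a short name, and cargo-cache uses double quotes where the rest use single.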
diff --git a/knowledge-base/actions/uraimo/run-on-arch-action/action-security.yml b/knowledge-base/actions/uraimo/run-on-arch-action/action-security.yml
new file mode 100644
index 00000000..124bc75c
--- /dev/null
+++ b/knowledge-base/actions/uraimo/run-on-arch-action/action-security.yml
@@ -0,0 +1,8 @@
+name: 'Run on architecture'
+github-token:
+ action-input:
+ input: githubToken
+ is-default: false
+ permissions:
+ packages: write
+ packages-reason: to cache docker images #Reference: https://github.com/uraimo/run-on-arch-action/blob/a8003307a739516fdd80ee6d3da8924db811b8da/action.yml#L17
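Review bot: `packages: write` in uraimo/run-on-arch-action/action-security.yml has no `packages-if` guard, although `is-default: false` says the token reaches the action only when the workflow passes `githubToken`. That scope lets a job publish to the package registry, so it should be requested only when the input is actually supplied. Unless the consumer of this file already skips the block when the input is absent, add `packages-if: ${{ contains(with, 'githubToken') }}`, following the `contains(with, …)` form used in the dependency-review entry of this change. If image caching is also controlled by a separate input, which is not visible from this hunk, the condition should test that input as well.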