diff --git a/.github/scripts/publish-npm.sh b/.github/scripts/publish-npm.sh
index 5751f12f69c..4923a170865 100644
--- a/.github/scripts/publish-npm.sh
+++ b/.github/scripts/publish-npm.sh
@@ -60,6 +60,7 @@ for REGISTRY in 'GITHUB' 'NPM'; do
 # TODO: Add other build as well
 for PACKAGE in 'foundations' 'components' 'ngx-components' 'react-components' 'v-components' 'web-components'; do
 echo "⤴ Publish $PACKAGE with tag $TAG to $REGISTRY"
- npm publish --tag "$TAG" db-ui-"$PACKAGE"-"$VALID_SEMVER_VERSION".tgz
+ # https://docs.npmjs.com/generating-provenance-statements#example-github-actions-workflow
+ npm publish --tag "$TAG" db-ui-"$PACKAGE"-"$VALID_SEMVER_VERSION".tgz --provenance
 done
 done
diff --git a/.github/workflows/03-publish-packages.yml b/.github/workflows/03-publish-packages.yml
index 80e5276a1d5..acfbed8b104 100644
--- a/.github/workflows/03-publish-packages.yml
+++ b/.github/workflows/03-publish-packages.yml
@@ -20,6 +20,9 @@ jobs:
 publish:
 name: Publish latest package versions to GitHub Packages
 runs-on: ubuntu-latest
+ permissions:
+ id-token: write
+ contents: write
 steps:
 - name: ⏬ Checkout repo
 uses: actions/checkout@v4
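Review bot: `--provenance` is added to the one `npm publish` line that runs for both values of the `for REGISTRY in 'GITHUB' 'NPM'` loop, so the GitHub Packages pass requests an attestation as well as the npm pass. The linked npm documentation describes provenance for the public npm registry; whether GitHub Packages accepts the flag should be confirmed before release. If it does not, set the flag per registry with `PROVENANCE=''` and `if [ "$REGISTRY" = 'NPM' ]; then PROVENANCE='--provenance'; fi`, then end the publish line with `${PROVENANCE:+"$PROVENANCE"}`. The script publishes a pre-packed `.tgz`, so the attestation ties the tarball to this publish run; if the tarball is built in a different job or workflow (not visible here), the comment above the command should say so. The outer loop starts outside this hunk.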
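Review bot: The new job-level `permissions` block grants `contents: write`, which is broader than provenance signing needs. Only `id-token: write` is required to mint the OIDC token, and checkout works with `contents: read`. Declaring `permissions` also sets every unlisted scope to `none`, so if the GitHub Packages publish authenticates with `GITHUB_TOKEN` (not visible in this hunk) it will need `packages: write` listed explicitly. Unless a later step pushes tags or creates a release, I would write `id-token: write`, `contents: read` and, where applicable, `packages: write`, with a one-line comment on each saying which step needs it. The step list continues outside the hunk, so the need for `contents: write` cannot be ruled out from here.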