diff --git a/.github/workflows/move-bot-pr-to-review.yaml b/.github/workflows/move-bot-pr-to-review.yaml index 6a90ecc988..8fbd3b26a4 100644 --- a/.github/workflows/move-bot-pr-to-review.yaml +++ b/.github/workflows/move-bot-pr-to-review.yaml @@ -14,6 +14,10 @@ jobs: runs-on: ubuntu-22.04 # only run if the branch starts with 'dependabot/' or 'dependencies/upgrading' if: startsWith(github.head_ref, 'dependabot/') || startsWith(github.head_ref, 'dependencies/upgrading') + permissions: + pull-requests: write + repository-projects: write + steps: - uses: actions/checkout@v4 @@ -33,10 +37,12 @@ jobs: } }" | jq -r '.data.addProjectV2ItemById.item.id') >> $GITHUB_ENV env: - GH_TOKEN: ${{ secrets.SCB_BOT_USER_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} PR_ID: ${{ github.event.pull_request.node_id }} - name: Move PR to column To Review + # only move SCB-Bot, since dependabot is not part of core team and therefore has no access to secrets + if: startsWith(github.head_ref, 'dependencies/upgrading') run: | # Get the ID for the field Status # gh project field-list 6 --owner secureCodeBox
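Review bot: `repository-projects: write` in the added `permissions:` block looks like the wrong scope for this job. It covers classic repository projects, whereas the step in the next hunk calls `addProjectV2ItemById`, and GitHub documents `GITHUB_TOKEN` as repository-scoped and unable to reach Projects (V2). If that holds here, the scope grants write access that buys nothing and should be dropped, and the token switch in the second hunk should be verified on a real Dependabot PR. Separately, an explicit `permissions:` block sets every unlisted scope to `none`, so add `contents: read` if the `actions/checkout@v4` step has to keep working when the repository is not public.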
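Review bot: The added `if: startsWith(github.head_ref, 'dependencies/upgrading')` keys on the branch name, but the comment above it describes a decision about who opened the PR and whether secrets are available. `github.head_ref` is chosen by the PR author, so a pull request from a fork using that prefix also passes; whether such a run gets secrets depends on the trigger, which is outside this hunk and should be confirmed to be `pull_request` rather than `pull_request_target`. Binding the gate to the source repository makes the intent explicit: `if: github.event.pull_request.head.repo.full_name == github.repository && startsWith(github.head_ref, 'dependencies/upgrading')`. The step's `run:` body continues past the end of the hunk.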