diff --git a/.github/workflows/ci_consumption_workflow.yml b/.github/workflows/ci_consumption_workflow.yml
index 4dbc1e365..59f445147 100644
--- a/.github/workflows/ci_consumption_workflow.yml
+++ b/.github/workflows/ci_consumption_workflow.yml
@@ -18,7 +18,7 @@ jobs: fail-fast: false matrix: python-version: [ 3.7, 3.8, 3.9, "3.10", "3.11" ] - + permissions: read-all steps: - name: Checkout code. uses: actions/checkout@v2
diff --git a/.github/workflows/ci_docker_con_workflow.yml b/.github/workflows/ci_docker_con_workflow.yml
index e5b7b4613..d5a32a59a 100644
--- a/.github/workflows/ci_docker_con_workflow.yml
+++ b/.github/workflows/ci_docker_con_workflow.yml
@@ -17,6 +17,7 @@ jobs: fail-fast: false matrix: python-version: [ 3.7, 3.8, 3.9, "3.10" ] + permissions: read-all env: CONSUMPTION_DOCKER_TEST: "true"
diff --git a/.github/workflows/ci_docker_custom_workflow.yml b/.github/workflows/ci_docker_custom_workflow.yml
index 142ec7751..6e1c87cb1 100644
--- a/.github/workflows/ci_docker_custom_workflow.yml
+++ b/.github/workflows/ci_docker_custom_workflow.yml
@@ -34,6 +34,7 @@ jobs: runs-on: ubuntu-latest strategy: fail-fast: false + permissions: read-all env: DEDICATED_DOCKER_TEST: ${{ github.event.inputs.DEDICATED_DOCKER_TEST }} CONSUMPTION_DOCKER_TEST: ${{ github.event.inputs.CONSUMPTION_DOCKER_TEST }}
diff --git a/.github/workflows/ci_docker_ded_workflow.yml b/.github/workflows/ci_docker_ded_workflow.yml
index 1bfc1fd8a..28db20b9b 100644
--- a/.github/workflows/ci_docker_ded_workflow.yml
+++ b/.github/workflows/ci_docker_ded_workflow.yml
@@ -17,6 +17,7 @@ jobs: fail-fast: false matrix: python-version: [ 3.7, 3.8, 3.9, "3.10" ] + permissions: read-all env: DEDICATED_DOCKER_TEST: "true"
diff --git a/.github/workflows/ci_e2e_workflow.yml b/.github/workflows/ci_e2e_workflow.yml
index 8138121da..27d453c04 100644
--- a/.github/workflows/ci_e2e_workflow.yml
+++ b/.github/workflows/ci_e2e_workflow.yml
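Review bot: `permissions: read-all` in the ci_consumption_workflow.yml job gives the GITHUB_TOKEN read access on every scope, which is broader than a job that checks out code and runs tests appears to need; a `permissions:` map with only `contents: read` would be the least-privilege form. The same line is added in the ci_docker_con, ci_docker_custom, ci_docker_ded, ci_e2e, ci_ut, linter and ogf workflows, and the point applies to each. The job bodies continue outside these hunks, so confirm per job that no step needs a write scope (the "Lint Code Base" job, for example, may report commit statuses). Indentation is not recoverable from this page, so also check that each `permissions:` key sits at job level rather than under `strategy:` or `matrix:`.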
@@ -22,7 +22,7 @@ jobs: fail-fast: false matrix: python-version: [ 3.7, 3.8, 3.9, "3.10", "3.11" ] - + permissions: read-all steps: - name: Checkout code. uses: actions/checkout@v2
diff --git a/.github/workflows/ci_ut_workflow.yml b/.github/workflows/ci_ut_workflow.yml
index d775170f4..1072cd403 100644
--- a/.github/workflows/ci_ut_workflow.yml
+++ b/.github/workflows/ci_ut_workflow.yml
@@ -21,6 +21,7 @@ jobs: fail-fast: false matrix: python-version: [ 3.7, 3.8, 3.9, "3.10", "3.11" ] + permissions: read-all steps: - uses: actions/checkout@v2 - name: Set up Python ${{ matrix.python-version }}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 8a2cf0645..54772ae44 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -35,7 +35,8 @@ jobs: language: [ 'python' ] # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] # Learn more about CodeQL language support at https://git.io/codeql-language-support - + permissions: read-all + steps: - name: Checkout repository uses: actions/checkout@v3
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 4940aa1e3..83e6f572f 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -26,6 +26,7 @@ jobs: name: Lint Code Base # Set the agent to run on runs-on: ubuntu-latest + permissions: read-all ################## # Load all steps #
diff --git a/.github/workflows/ogf_workflow.yml b/.github/workflows/ogf_workflow.yml
index bb1ed3d49..41fc79f28 100644
--- a/.github/workflows/ogf_workflow.yml
+++ b/.github/workflows/ogf_workflow.yml
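Review bot: In codeql-analysis.yml the new `permissions: read-all` leaves `security-events` read-only, while a CodeQL job normally needs `security-events: write` to upload its results. The analyze step is outside this hunk, so this is inferred from the file name and the `language` matrix; if the job does upload results, replace the line with an explicit map of `actions: read`, `contents: read` and `security-events: write`. Also check whether the job already declares `permissions:` above line 35, since a second key in the same mapping would be a duplicate that most parsers resolve silently.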
@@ -62,6 +62,7 @@ jobs: STORAGE_ACCOUNT_NAME: "ogf${{ matrix.sku }}${{ matrix.region }}${{ github.run_number }}" FUNCTION_APP_PLAN_NAME: "ogf-epplan-${{ matrix.sku }}-${{ matrix.region }}-${{ github.run_number }}" runs-on: ubuntu-latest + permissions: read-all timeout-minutes: 30 strategy: # V. IMPORTANT: Copy this strategy section to the dependent
diff --git a/.github/workflows/perf-testing-setup.yml b/.github/workflows/perf-testing-setup.yml
index 19c7453fd..eff490906 100644
--- a/.github/workflows/perf-testing-setup.yml
+++ b/.github/workflows/perf-testing-setup.yml
@@ -11,6 +11,13 @@ on: description: 'List of perf tests to run' required: false default: SyncHelloWorld + report_format: + description: 'Format of profiling report' + type: choice + required: true + options: + - speedscope + - flamegraph issue_comment: types: [created] env:
@@ -21,8 +28,9 @@ env: jobs: build: - if: ${{ github.event_name == 'workflow_dispatch' || github.event.issue.pull_request && contains(github.event.comment.body, '/profile') }} + if: ${{ github.event_name == 'workflow_dispatch' || github.event.issue.pull_request != null && contains(github.event.comment.body, '/profile') }} runs-on: ubuntu-latest + permissions: read-all strategy: fail-fast: false matrix:
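Review bot: The rewritten `if:` on the `build` job in perf-testing-setup.yml still checks only the comment body, so any account able to comment on a pull request can start the profiling job with `/profile`. An `issue_comment` run uses the workflow from the default branch with the repository's secrets available, and `permissions: read-all` limits only the GITHUB_TOKEN, not those secrets. Gate the comment path on the commenter as well, for example by appending `&& contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)` to that side of the condition. The job body continues outside the hunk.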
@@ -74,9 +82,16 @@ jobs: docker exec $container_id sh -c "pip install py-spy" docker exec $container_id sh -c "mkdir /home/profiling_reports" profiling_sampling_rate=${{ github.event.inputs.profiling_sampling_rate }} - # report_name="${GITHUB_REF#refs/heads/}_${{ github.run_id }}.svg" - report_name="${{ github.run_id }}.svg" - docker exec -d $container_id sh -c "RUST_BACKTRACE=1 py-spy record -p $worker_pid -o /home/profiling_reports/$report_name -f flamegraph --idle --nonblocking --rate $profiling_sampling_rate > /home/site/wwwroot/py-spy.log 2>&1 &" + report_format=${{ github.event.inputs.report_format }} + if [ "$report_format" == "flamegraph" ]; then + report_name="${{ github.run_id }}.svg" + elif [ "$report_format" == "speedscope" ]; then + report_name="${{ github.run_id }}.speedscope.json" + else + echo "Unsupported report format: $report_format" + exit 1 + fi + docker exec -d $container_id sh -c "RUST_BACKTRACE=1 py-spy record -p $worker_pid -o /home/profiling_reports/$report_name -f $report_format --idle --nonblocking --rate $profiling_sampling_rate > /home/site/wwwroot/py-spy.log 2>&1 &" sleep 2 # Give it a moment to start py_spy_id=$(docker exec $container_id sh -c "ps aux | grep '[p]y-spy record'" | awk '{print $2}')
@@ -94,11 +109,9 @@ jobs: docker exec $container_id cat /home/site/wwwroot/py-spy.log docker exec $container_id sh -c "kill -2 $py_spy_id" sleep 2 - mkdir profiling_reports chmod 777 profiling_reports docker cp $container_id:/home/profiling_reports/$report_name profiling_reports - - name: Upload SVG to Azure Blob Storage uses: bacongobbler/azure-blob-storage-upload@v3.0.0 with:
@@ -111,7 +124,7 @@ jobs: run: | blob_url="https://${{ env.PYTHON_FUNCTION_PROFILING_STORAGE_ACCT }}.blob.core.windows.net/profiling/${{ env.report_name }}" echo "You can view the Blob at: $blob_url" - + - name: Upload profiling result to artifact uses: actions/upload-artifact@v2 with:
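Review bot: On the `/profile` comment path `github.event.inputs.report_format` is empty, so the new `else` branch prints "Unsupported report format" and exits 1, where the removed line always produced a flamegraph. The value is also expanded by `${{ }}` into the script text before the shell runs, so the `if`/`elif` check cannot protect the assignment line itself. Pass it through the step's `env:` as `REPORT_FORMAT: ${{ github.event.inputs.report_format }}` and read it with `report_format="${REPORT_FORMAT:-flamegraph}"`, which keeps the old default for comment-triggered runs and takes the input out of the script text. The step starts before this hunk, so the `env:` placement needs checking against the full file.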