diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e6ab8d44d6..c6b0ecd9d0 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,6 +11,9 @@ on: types: [opened, synchronize] workflow_call: inputs: {} + +permissions: + contents: read env: _AZ_REGISTRY: "bitwardenprod.azurecr.io" @@ -237,18 +240,10 @@ jobs: fi echo "tags=$TAGS" >> $GITHUB_OUTPUT - - name: Generate image full name - id: cache-name - env: - PROJECT_NAME: ${{ steps.setup.outputs.project_name }} - run: echo "name=${_AZ_REGISTRY}/${PROJECT_NAME}:buildcache" >> $GITHUB_OUTPUT - - name: Build Docker image id: build-artifacts uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d # v6.12.0 with: - cache-from: type=registry,ref=${{ steps.cache-name.outputs.name }} - cache-to: type=registry,ref=${{ steps.cache-name.outputs.name}},mode=max context: . file: ${{ matrix.base_path }}/${{ matrix.project_name }}/Dockerfile platforms: | @@ -605,6 +600,7 @@ jobs: project: server pull_request_number: ${{ github.event.number }} secrets: inherit + permissions: read-all check-failures: name: Check for failures
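Review bot: The workflow-level `permissions:` block added near the top of the file sets every scope it does not list to `none` for all jobs, so a job without its own `permissions` block that relied on a default-granted scope will now fail with a permission error. The job definitions are outside this hunk, so each job that uploads scan results, comments on pull requests or requests an OIDC token should be checked for its own block. A short comment above the block would help the next editor, e.g. `# Default GITHUB_TOKEN scope for every job; jobs that need more declare their own permissions block.`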
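Review bot: In the last hunk, `permissions: read-all` on the reusable-workflow call is broader than the `contents: read` default this commit sets at the top of the file, because it grants read on every token scope rather than only those the called workflow uses. The job also passes `secrets: inherit`, so it is worth pinning the token to an explicit list instead: a `permissions:` mapping with `contents: read` plus only the scopes the callee actually reads. The `uses:` line is outside the hunk, so which scopes those are cannot be told from here. A called workflow can only lower the caller's token permissions and never raise them, so any write scope the callee declares would not be granted under this setting; it is worth confirming the callee needs none.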