diff --git a/.github/workflows/secure.yml b/.github/workflows/secure.yml
index 2acb8784..8ee6d379 100644
--- a/.github/workflows/secure.yml
+++ b/.github/workflows/secure.yml
@@ -14,35 +14,32 @@ jobs:
 # https://semgrep.dev/docs/cli-reference
 semgrep:
 runs-on: ubuntu-24.04
- env:
- SEMGREP_RULES: >-
- p/command-injection
- p/comment
- p/cwe-top-25
- p/default
- p/gitlab
- p/gitleaks
- p/golang
- p/gosec
- p/insecure-transport
- p/owasp-top-ten
- p/r2c-best-practices
- p/r2c-bug-scan
- p/r2c-security-audit
- p/secrets
- p/security-audit
- p/sql-injection
- p/xss
 container:
 image: semgrep/semgrep
 permissions:
 contents: read
 security-events: write
 steps:
- - uses: actions/checkout@v4
- - run: semgrep scan --error --severity=WARNING
 - uses: actions/checkout@v4
 - run: semgrep scan --sarif --output=semgrep.sarif --error --severity=WARNING
+ env:
+ SEMGREP_RULES: >-
+ p/command-injection
+ p/comment
+ p/cwe-top-25
+ p/default
+ p/gitleaks
+ p/golang
+ p/gosec
+ p/insecure-transport
+ p/owasp-top-ten
+ p/r2c-best-practices
+ p/r2c-bug-scan
+ p/r2c-security-audit
+ p/secrets
+ p/security-audit
+ p/sql-injection
+ p/xss
 - uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: semgrep.sarif
@@ -79,4 +76,4 @@ jobs:
 steps:
 - uses: golang/govulncheck-action@v1
 with:
- go-version-file: go.mod
+ go-version-file: go.mod
\ No newline at end of file
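Review bot: With `--error` on the scan step, any finding at WARNING or above makes `semgrep scan` exit non-zero, so the `github/codeql-action/upload-sarif@v3` step that follows is skipped and `semgrep.sarif` never reaches code scanning in exactly the runs that have something to report; add `if: always()` (or `if: ${{ !cancelled() }}`) to the upload step so results are uploaded before the job is marked failed. The `env` block moved under the `run` step now scopes `SEMGREP_RULES` to the scan only, which matches how it is used in the visible steps. Separately, the `semgrep/semgrep` container image carries no tag or digest, so each run pulls whatever the default tag currently resolves to; pinning the image (and ideally the `@v4`/`@v3` action references) to a digest would make the scan reproducible and auditable. The `semgrep` job's remaining keys, if any, lie outside the hunk.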