diff --git a/.github/workflows/zaproxy.yml b/.github/workflows/zaproxy.yml
index 36eaee3f3..74d0a5629 100644
--- a/.github/workflows/zaproxy.yml
+++ b/.github/workflows/zaproxy.yml
@@ -1,6 +1,6 @@
 name: Run ZAP Baseline Scan ⚙️
-on: [ push, pull_request ]
+on: [ push ]
 
 jobs:
   main:
@@ -35,4 +35,4 @@ jobs:
         uses: zaproxy/action-baseline@v0.12.0
         with:
           target: 'http://localhost'
-          #rules_file_name: '.zap/rules.tsv'
\ No newline at end of file
+          rules_file_name: '.zap/rules.tsv'
\ No newline at end of file
diff --git a/.zap/rules.tsv b/.zap/rules.tsv
new file mode 100644
index 000000000..56741ad20
--- /dev/null
+++ b/.zap/rules.tsv
@@ -0,0 +1,19 @@
+10202 IGNORE Absence of Anti-CSRF Tokens Medium
+10038 IGNORE Content Security Policy (CSP) Header Not Set Medium
+10098 IGNORE Cross-Domain Misconfiguration Medium
+10020 IGNORE Missing Anti-clickjacking Header Medium
+90003 IGNORE Sub Resource Integrity Attribute Missing Medium
+90022 IGNORE Application Error Disclosure Medium
+10054 IGNORE Cookie with SameSite Attribute None Low
+10017 IGNORE Cross-Domain JavaScript Source File Inclusion Low
+10023 IGNORE Information Disclosure - Debug Error Messages Low
+10063 IGNORE Permissions Policy Header Not Set Low
+10037 IGNORE "Server Leaks Information via ""X-Powered-By"" HTTP Response Header Field(s)" Low
+10096 IGNORE Timestamp Disclosure - Unix Low
+10021 IGNORE X-Content-Type-Options Header Missing Low
+10027 IGNORE Information Disclosure - Suspicious Comments Informational
+90033 IGNORE Loosely Scoped Cookie Informational
+10109 IGNORE Modern Web Application Informational
+10049 IGNORE Non-Storable Content Informational
+10112 IGNORE Session Management Response Identified Informational
+10049 IGNORE Storable and Cacheable Content Informational
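Review bot: Dropping `pull_request` from `on:` means the baseline scan now runs only after code has landed on a branch, so a PR that removes a security header or weakens cookie attributes is merged before the scan can report it. If the motivation was duplicate runs on branch pushes, keep `on: [ push, pull_request ]` and restrict the push trigger to the default branch in block form instead; if PR scanning is intentionally dropped, a comment above `on:` stating why would help the next reader. Unrelated but worth knowing: generic YAML 1.1 parsers read the bare `on` key as the boolean true, which is why yamllint's truthy rule flags it — harmless for GitHub's loader.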
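Review bot: Enabling `rules_file_name` makes the rules file authoritative, but nothing visible in the `with:` block turns findings into a failed job — the action's `fail_action` input defaults to false, so the scan stays informational regardless of which rules are IGNOREd. If the scan is meant to gate, add `fail_action: true` under `with:`, and then the rules file decides what is allowed to fail. The step and job definitions begin above the hunk, so a `fail_action` set elsewhere in the step would not be visible here.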
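Review bot: Every row in the new rules file is IGNORE, including the Medium-rated hardening checks (10038 CSP header not set, 10020 anti-clickjacking header missing, 10202 anti-CSRF tokens, 10098 cross-domain misconfiguration, 90022 application error disclosure), so a later regression that drops a CSP or X-Frame-Options header passes the scan silently. Setting those rows to `WARN` keeps them in the report without failing the job, e.g. `10038	WARN	Content Security Policy (CSP) Header Not Set	Medium`, and a `#` comment line above each accepted exception stating why it is accepted makes the list reviewable later (the baseline loader skips `#` lines as far as I know — confirm). Also, rule id 10049 appears twice (Non-Storable Content and Storable and Cacheable Content); the file appears to be keyed on the rule id, so the second row is presumably redundant and one of them should go.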