diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
deleted file mode 100644
index ef5f4c5..0000000
--- a/.github/workflows/govulncheck.yml
+++ /dev/null
@@ -1,29 +0,0 @@
-name: govulncheck
-
-on:
- schedule:
- - cron: "0 0 * * 1"
-
-permissions:
- contents: read
-
-jobs:
- ci-security-checks:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Checkout code
-
- - name: Set up Go
- uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
- with:
- go-version-file: go.mod
- check-latest: true
-
- - name: Install govulncheck
- run: |
- go install golang.org/x/vuln/cmd/govulncheck@latest
-
- - name: Run security checks
- run: |
- govulncheck ./...
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
new file mode 100644
index 0000000..7da069f
--- /dev/null
+++ b/.github/workflows/security.yml
@@ -0,0 +1,38 @@
+name: Security Scans
+
+on:
+ workflow_dispatch:
+ workflow_call:
+ pull_request_target:
+ schedule:
+ - cron: "0 8 * * *"
+
+jobs:
+ dependency-review:
+ name: Dependency Review
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ name: Checkout code
+
+ - name: Run dependency review
+ uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0
+
+ govulncheck:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ name: Checkout code
+
+ - name: Set up Go
+ uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0
+ with:
+ check-latest: true
+
+ - name: Install govulncheck
+ run: |
+ go install golang.org/x/vuln/cmd/govulncheck@latest
+
+ - name: Run govulncheck
+ run: |
+ govulncheck ./...
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 350f04f..6034a9f 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
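Review bot: The new security.yml has no top-level `permissions:` block, so the `contents: read` restriction that the deleted govulncheck.yml carried is lost, and because `pull_request_target:` is one of the triggers the jobs now run with a default-scoped `GITHUB_TOKEN` and access to repository secrets on events that forks can open; restore `permissions:` / `  contents: read` at the top, which is all dependency-review-action and govulncheck need. On `pull_request_target` the unparameterised `actions/checkout` step checks out the base branch, so the govulncheck job scans the target branch rather than the PR's changes — do not "fix" that by checking out `github.event.pull_request.head.sha` in this workflow, since the following `go install`/`govulncheck ./...` steps would then build and analyse a fork's module with that token in the environment (and, by checkout's default, persisted in `.git/config`); a head-ref scan belongs under a plain `pull_request` trigger. Dropping `go-version-file: go.mod` and leaving only `check-latest: true` also means the scan may not run under the toolchain the module declares, and govulncheck's standard-library findings depend on the Go version in use, so `go-version-file: go.mod` is worth keeping here.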
@@ -2,6 +2,7 @@ name: Tests on: workflow_dispatch: + workflow_call: pull_request_target: permissions: @@ -18,9 +19,6 @@ jobs: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Dependency Review - uses: actions/dependency-review-action@v4 - - name: Set up Go uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: @@ -64,8 +62,6 @@ jobs: steps: - name: Checkout code uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: false - name: Run hadolint id: hadolint
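Review bot: The setup-go pin left in this hunk (`actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0`) differs from the `3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0` pin used for the same action in the new security.yml, so this change ends up with two pinned versions of one action. Aligning tests.yml to the same SHA keeps the pin updates in one place for Dependabot/renovate and avoids the two workflows diverging in toolchain behaviour. The `with:` block of this step continues past the hunk, so whether it still sets `go-version-file` cannot be seen here.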
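Review bot: Removing `with:` / `persist-credentials: false` from the checkout in the hadolint job is a security regression rather than a cleanup: actions/checkout persists the job's `GITHUB_TOKEN` into `.git/config` by default, and since this workflow runs on `pull_request_target` every later step in the job (hadolint here, and anything after it outside the hunk) can read that token from the workspace. The job's effective permissions are not visible in this hunk, so whether the token is write-capable can't be confirmed from here, but nothing in a hadolint run needs git credentials, so restore `with:` and `persist-credentials: false` on this step and consider applying the same to the other checkout steps in the file. The steps list continues past the end of the hunk.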