diff --git a/.github/workflows/build_test_images.yaml b/.github/workflows/build_test_images.yaml
index b9b9e9e..0c59b4f 100644
--- a/.github/workflows/build_test_images.yaml
+++ b/.github/workflows/build_test_images.yaml
@@ -96,6 +96,8 @@ jobs:
           format: sarif
           output: "${{ steps.publish-image.outputs.image-name }}.sarif"
           # turn off secret scanning to speed things up
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v3
@@ -113,6 +115,8 @@ jobs:
           exit-code: '1'
           severity: 'CRITICAL'
           ignore-unfixed: true
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Write matrix outputs
         uses: cloudposse/github-action-matrix-outputs-write@0.4.2