diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 492a76b578..ce500ac8a2 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -6,7 +6,9 @@ on:
 pull_request:
 branches:
 - 'main'
-
+ paths-ignore:
+ - 'website/'
+
 jobs:
 scan:
 runs-on: ${{ fromJSON(vars.RUNNER_LARGE) }}
diff --git a/scan.hcl b/scan.hcl
index 05c171bfb3..0696e1bb4b 100644
--- a/scan.hcl
+++ b/scan.hcl
@@ -14,12 +14,11 @@ repository {
 plugin "semgrep" {
 use_git_ignore = true
- exclude = ["testing", "website"]
- config = ["p/r2c-security-audit"]
- exclude_rule = ["generic.html-templates.security.unquoted-attribute-var.unquoted-attribute-var"]
+ exclude = ["*_test.go", "website/*", "testing/*"]
+ config = ["p/gosec"]
 }
- # plugin "codeql" {
- # languages = ["go"]
- # }
+ plugin "codeql" {
+ languages = ["go"]
+ }
 }
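Review bot: The new `paths-ignore` entry `- 'website/'` is unlikely to filter anything, because GitHub Actions path filters are globs matched against the full changed-file path and a bare directory name with a trailing slash does not match the files beneath it; the usual form is `- 'website/**'`. If this workflow is a required status check on `main`, a run skipped by the path filter leaves the check pending rather than passing, so a website-only PR would block on it unless a no-op job reports the same check name. The `on:` block continues outside the hunk.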
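Review bot: Switching `config` to `["p/gosec"]` narrows Semgrep to Go-only rules, and the dropped `exclude_rule` for `generic.html-templates.security.unquoted-attribute-var` shows that non-Go sources such as HTML templates were previously in scope; with CodeQL also limited to `["go"]`, those files are no longer scanned by either plugin, which reads like an unstated scope change. If that is intended, a comment above the `config` line would save the next reader the archaeology, e.g. `# Go-only Semgrep ruleset; non-Go sources (templates, website) are deliberately out of scope here`. The new `exclude` globs `website/*` and `testing/*` may only match one path level depending on how the scanner expands them, whereas the old bare directory names excluded the whole tree, so verify that nested files are still skipped. The enclosing `repository {` block starts outside the hunk.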