diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 2c0b2306..35ceb62a 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -23,7 +23,7 @@ concurrency:
 jobs:
   analyze:
-    name: Analyze
+    name: Check for Vulnerabilities
     runs-on: ubuntu-latest
     strategy:
diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml
index 73d93770..ac53d8f0 100644
--- a/.github/workflows/snyk.yml
+++ b/.github/workflows/snyk.yml
@@ -2,7 +2,7 @@ name: Snyk
 on:
   merge_group:
-  pull_request_target:
+  pull_request:
     types:
       - opened
       - synchronize
@@ -13,6 +13,8 @@ on:
     - cron: "30 0 1,15 * *"
 permissions:
+  security-events: write
+  actions: read
   contents: read
 concurrency:
@@ -41,6 +43,13 @@ jobs:
         with:
           ref: ${{ github.event.pull_request.head.sha || github.ref }}
-      - uses: snyk/actions/php@b98d498629f1c368650224d6d212bf7dfa89e4bf # pin@0.4.0
+      - uses: snyk/actions/python-3.7@b98d498629f1c368650224d6d212bf7dfa89e4bf # pin@0.4.0
         env:
           SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
+        with:
+          args: --sarif-file-output=snyk.sarif
+
+      - name: Upload result to GitHub Code Scanning
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: snyk.sarif
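Review bot: Switching the trigger from `pull_request_target` to `pull_request` is the right call given the later checkout of `github.event.pull_request.head.sha`, but runs for pull requests opened from forks then receive no repository secrets and only a read-only `GITHUB_TOKEN`, so `SNYK_TOKEN` on the Snyk step is empty and the `security-events: write` grant added in the permissions hunk of this same file does not apply to those runs; the job will fail rather than skip. If fork pull requests are expected, gate the job on same-repository PRs, e.g. `if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository`, or record in a comment above `pull_request:` that fork PRs are knowingly left unscanned. The `on:` block continues outside the hunk (a `schedule:` entry is visible in the next hunk), so the gate would also need to keep the cron and `merge_group` runs working.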
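Review bot: The Snyk CLI exits non-zero when it finds issues, which ends the job before the new `Upload result to GitHub Code Scanning` step runs, so the SARIF would reach Code Scanning only for clean scans; add `continue-on-error: true` to the Snyk step so the upload always follows it, which is how Snyk's own workflow examples handle this. Separately, `github/codeql-action/upload-sarif@v2` is referenced by a floating major tag while the Snyk action on the line above is pinned to a full commit SHA with a `# pin@0.4.0` comment; pin it the same way, `uses: github/codeql-action/upload-sarif@<commit-sha>  # pin@<release-tag>`. The change from `snyk/actions/php` to `snyk/actions/python-3.7` also changes which ecosystem is scanned and targets an interpreter line that is past end-of-life; whether that matches the repository's manifests cannot be verified from this hunk, and the job's `steps:` list begins outside it.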