diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index aa2492f..31135d0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,7 +7,7 @@ variables: ANNOUNCE: http://labsync.lab.fablab-nea.de:6969/announce WEBSEED: http://labsync.lab.fablab-nea.de/labsync/$CI_COMMIT_REF_NAME/$CI_PIPELINE_ID/images DOCKER_IMAGE_BUILDER: ${CI_REGISTRY_IMAGE}/labsync-builder:main - DOCKER_IMAGE_SECURITY_SCANNER: ${CI_REGISTRY_IMAGE}/security-scanner:$CI_COMMIT_REF_SLUG + DOCKER_IMAGE_SECURITY_SCANNER: ${CI_REGISTRY_IMAGE}/security-scanner:main DOCKER_TLS_CERTDIR: "" stages: @@ -53,9 +53,19 @@ dockerimage_security_scanner: - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY - make secscanimg - docker push $DOCKER_IMAGE_SECURITY_SCANNER - except: - refs: - - schedules + - echo "DOCKER_IMAGE_SECURITY_SCANNER=${CI_REGISTRY_IMAGE}/security-scanner:$CI_COMMIT_REF_SLUG" >> build.env + artifacts: + reports: + dotenv: build.env + rules: + - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH + when: on_success + - if: + changes: + paths: + - security-scanner/**/* + compare_to: main + when: on_success security_scanner: stage: check @@ -74,7 +84,7 @@ security_scanner: lightburn-download: stage: prepare - image: alpine + image: quay.io/official-images/alpine script: - mkdir -p packer/ansible/roles/lightburn/files - 'wget -O packer/ansible/roles/lightburn/files/lightburn.zip --header "JOB-TOKEN: $CI_JOB_TOKEN" "${CI_SERVER_URL}/api/v4/projects/fablab%2Flightburn-patched/jobs/artifacts/main/download?job=patch-Linux64"' diff --git a/packer/debian-bookworm.yaml b/packer/debian-bookworm.yaml index 8d9d0a5..c7e0487 100644 --- a/packer/debian-bookworm.yaml +++ b/packer/debian-bookworm.yaml @@ -20,7 +20,7 @@ variables: builders: - discard: true - image: debian:bookworm + image: quay.io/official-images/debian:bookworm type: docker volumes: '{{user `images`}}': /tmp/images diff --git a/security-scanner/Dockerfile b/security-scanner/Dockerfile index 622e443..aeffe50 100644 --- a/security-scanner/Dockerfile 
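Review bot: In `dockerimage_security_scanner`, `docker push $DOCKER_IMAGE_SECURITY_SCANNER` now resolves to the `security-scanner:main` tag set in the first hunk, while the added `echo` writes a `:$CI_COMMIT_REF_SLUG` tag into `build.env` that no visible line pushes. Because the second rule lets the job run on any ref that changes `security-scanner/**/*`, a branch pipeline would overwrite the scanner image that other pipelines pull, and would point its own later jobs at a tag that may not exist. A job-level `variables:` entry `DOCKER_IMAGE_SECURITY_SCANNER: ${CI_REGISTRY_IMAGE}/security-scanner:$CI_COMMIT_REF_SLUG` would keep the pushed and exported tags in step and leave `:main` to the default branch, assuming `make secscanimg` tags from that variable, which is not visible here. The second rule also has an `if:` with no expression ahead of `changes:`; starting that rule at `- changes:` looks like what was intended. The job begins above the hunk.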
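Review bot: `image: quay.io/official-images/alpine` carries no tag or digest, so `lightburn-download`, which sends `$CI_JOB_TOKEN` in its `wget` header, runs on whatever `latest` in that namespace resolves to at job time. Moving off the default registry also moves the trust root, so a comment should record who publishes `quay.io/official-images`, and the image should be pinned, e.g. `image: quay.io/official-images/alpine:<tag>@sha256:<digest>` (placeholders). The same applies to `quay.io/official-images/debian:bookworm` in `packer/debian-bookworm.yaml` and to `FROM quay.io/official-images/debian:bookworm-slim` in `security-scanner/Dockerfile`, both of which use mutable tags. The job's definition may continue below the hunk.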
+++ b/security-scanner/Dockerfile @@ -1,4 +1,4 @@ -FROM debian:bookworm-slim +FROM quay.io/official-images/debian:bookworm-slim RUN apt-get update \ && apt-get -y install \