diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index aa2492f..5b8b6f3 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -7,7 +7,7 @@ variables:
   ANNOUNCE: http://labsync.lab.fablab-nea.de:6969/announce
   WEBSEED: http://labsync.lab.fablab-nea.de/labsync/$CI_COMMIT_REF_NAME/$CI_PIPELINE_ID/images
   DOCKER_IMAGE_BUILDER: ${CI_REGISTRY_IMAGE}/labsync-builder:main
-  DOCKER_IMAGE_SECURITY_SCANNER: ${CI_REGISTRY_IMAGE}/security-scanner:$CI_COMMIT_REF_SLUG
+  DOCKER_IMAGE_SECURITY_SCANNER: ${CI_REGISTRY_IMAGE}/security-scanner:main
   DOCKER_TLS_CERTDIR: ""
 
 stages:
@@ -53,9 +53,19 @@ dockerimage_security_scanner:
     - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
     - make secscanimg
     - docker push $DOCKER_IMAGE_SECURITY_SCANNER
-  except:
-    refs:
-      - schedules
+    - echo "DOCKER_IMAGE_SECURITY_SCANNER=${CI_REGISTRY_IMAGE}/security-scanner:$CI_COMMIT_REF_SLUG" >> build.env
+  artifacts:
+    reports:
+      dotenv: build.env
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+      when: on_success
+    - if:
+      changes:
+        paths:
+          - security-scanner/**/*
+        compare_to: main
+      when: on_success
 
 security_scanner:
   stage: check