diff --git a/.github/workflows/code_scan.yml b/.github/workflows/code_scan.yml
index f7fda451..6879ccb2 100644
--- a/.github/workflows/code_scan.yml
+++ b/.github/workflows/code_scan.yml
@@ -31,7 +31,13 @@ jobs:
 run: |
 pip install .
 pip freeze > requirements.txt
- - name: Run Trivy scan
+ - name: Run Trivy security scan
+ uses: aquasecurity/trivy-action@0.20.0
+ with:
+ scan-type: fs
+ scan-ref: requirements.txt
+ output: trivy-scan-results.txt
+ - name: Run Trivy spdx scan
 uses: aquasecurity/trivy-action@0.20.0
 with:
 scan-type: fs
@@ -42,4 +48,4 @@ jobs:
 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
 with:
 name: trivy-scan-results
- path: trivy-scan-results.spdx.json
+ path: trivy-scan-results.*
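Review bot: The new `Run Trivy security scan` step only writes its findings to `trivy-scan-results.txt`; nothing in the visible `with:` block sets `exit-code` or `severity`, so as far as these lines show, a vulnerable pin in `requirements.txt` leaves the job green and is noticed only if someone opens the artifact. If the scan is meant to gate, add `exit-code: '1'` and a threshold such as `severity: CRITICAL,HIGH` under `with:`, and give the upload step `if: always()` (if it does not already have one) so the report is still published when the scan fails. Separately, the added `uses: aquasecurity/trivy-action@0.20.0` pins a mutable tag, while `actions/upload-artifact` in the same file is pinned to a full commit SHA; the same form, `uses: aquasecurity/trivy-action@<full-commit-sha> # 0.20.0`, would fit both Trivy steps. The spdx step's `with:` block continues outside the hunk.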
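Review bot: The glob in `path: trivy-scan-results.*` uploads every workspace file with that prefix rather than just the reports the scan steps write, and it silently matches fewer files if a step's `output:` name is later changed. Listing the files keeps the artifact contents predictable: `path: |` followed by `trivy-scan-results.txt` and, presumably, `trivy-scan-results.spdx.json` (the name on the removed line). Adding `if-no-files-found: error` under `with:` would make a missing report fail the job instead of producing only a warning. The step's `- name:` line is outside the hunk.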