diff --git a/.gitea/workflows/pr-validation.yml b/.gitea/workflows/pr-validation.yml
index 1dbfb9d..5df4cc9 100644
--- a/.gitea/workflows/pr-validation.yml
+++ b/.gitea/workflows/pr-validation.yml
@@ -45,16 +45,6 @@ jobs:
 restore-keys: |
 ${{ runner.os }}-go-modules-
- - name: Cache security tools
- uses: actions/cache@v4
- with:
- path: |
- ~/.cache/go-build
- ~/go/bin
- key: ${{ runner.os }}-go-security-tools-${{ hashFiles('**/go.mod', '**/go.sum') }}
- restore-keys: |
- ${{ runner.os }}-go-security-tools-
-
 - name: Verify module hygiene
 run: |
 set -euo pipefail
@@ -157,11 +147,23 @@ jobs:
 exit 1
 fi
- - name: Run security analysis
+ - name: Check code formatting
 run: |
 set -euo pipefail
- "$(go env GOPATH)/bin/gosec" ./...
- "$(go env GOPATH)/bin/govulncheck" ./...
+ fmt_output=$(go fmt ./...)
+ if [[ -n "$fmt_output" ]]; then
+ echo "Code formatting check failed. The following files need formatting:" >&2
+ echo "$fmt_output" >&2
+ exit 1
+ fi
+
+ - name: Run Gosec Security Scanner
+ uses: secureCodeBox/gosec-action@v1
+ with:
+ args: './...'
+
+ - name: Run Go Vulnerability Check
+ uses: golang/govulncheck-action@v1
 - name: Generate coverage badge
 env:
diff --git a/.gitea/workflows/push-validation.yml b/.gitea/workflows/push-validation.yml
index 9da2da7..6409b50 100644
--- a/.gitea/workflows/push-validation.yml
+++ b/.gitea/workflows/push-validation.yml
@@ -45,16 +45,6 @@ jobs:
 restore-keys: |
 ${{ runner.os }}-go-modules-
- - name: Cache security tools
- uses: actions/cache@v4
- with:
- path: |
- ~/.cache/go-build
- ~/go/bin
- key: ${{ runner.os }}-go-security-tools-${{ hashFiles('**/go.mod', '**/go.sum') }}
- restore-keys: |
- ${{ runner.os }}-go-security-tools-
-
 - name: Verify module hygiene
 run: |
 set -euo pipefail
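Review bot: `fmt_output=$(go fmt ./...)` in the new Check code formatting step only detects mis-formatting as a side effect of rewriting the offending files in place (go fmt runs gofmt -l -w), so on failure the step leaves the checkout modified and the paths it prints are of files it has already changed. A list-only check gives the same verdict without touching the tree: `fmt_output=$(gofmt -l .)`. The log also never shows what differs; running `gofmt -d` on the listed files before exiting would make the failure actionable without a local reproduction. The identical step is added to push-validation.yml at @@ -62,11 +52,23 @@.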
@@ -62,11 +52,23 @@ jobs:
 git diff --exit-code go.mod go.sum
 go mod verify
- - name: Install security tools
+ - name: Check code formatting
 run: |
 set -euo pipefail
- go install github.com/securego/gosec/v2/cmd/gosec@v2.22.3
- go install golang.org/x/vuln/cmd/govulncheck@v1.1.4
+ fmt_output=$(go fmt ./...)
+ if [[ -n "$fmt_output" ]]; then
+ echo "Code formatting check failed. The following files need formatting:" >&2
+ echo "$fmt_output" >&2
+ exit 1
+ fi
+
+ - name: Run Gosec Security Scanner
+ uses: secureCodeBox/gosec-action@v1
+ with:
+ args: './...'
+
+ - name: Run Go Vulnerability Check
+ uses: golang/govulncheck-action@v1
 - name: Install AWS CLI v2
 uses: ankurk91/install-aws-cli-action@v1
@@ -163,12 +165,6 @@ jobs:
 repository-name: ${{ github.repository }}
 summary-file: ${{ env.SUMMARY_FILE }}
- - name: Run security analysis
- run: |
- set -euo pipefail
- "$(go env GOPATH)/bin/gosec" ./...
- "$(go env GOPATH)/bin/govulncheck" ./...
-
 - name: Run behavior suite on main pushes
 if: ${{ github.ref == 'refs/heads/main' }}
 run: ./script/run-behavior-suite-docker.sh
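Review bot: The two `go install ...gosec@v2.22.3` / `...govulncheck@v1.1.4` lines this hunk removes pinned both scanners to exact module versions verified through the Go module checksum database, while the replacements `uses: secureCodeBox/gosec-action@v1` and `uses: golang/govulncheck-action@v1` resolve a mutable major-version tag on every run, so the scanner code executing in this pipeline can change without any change to this repository. Pin each action to a full-length commit SHA and keep the version as a comment, e.g. `uses: secureCodeBox/gosec-action@<full-commit-sha>  # v1` and the same for govulncheck-action; this matters most for the gosec action, which is published by a third-party organisation rather than the securego project that ships the tool. The govulncheck action presumably provisions its own Go toolchain — confirm it is the same Go version the rest of this job uses, otherwise the vulnerability results may be computed against a different toolchain than the build. The same unpinned `uses:` lines are added in pr-validation.yml at @@ -157,11 +147,23 @@.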