diff --git a/.gitea/workflows/prepare-release.yml b/.gitea/workflows/prepare-release.yml
index 5448d68..113c42f 100644
--- a/.gitea/workflows/prepare-release.yml
+++ b/.gitea/workflows/prepare-release.yml
@@ -49,16 +49,13 @@ jobs:
           go mod verify
 
       - name: Run gosec security analysis
-        uses: securego/gosec@v2.22.4
-        env:
-          GOTOOLCHAIN: auto
-        with:
-          args: ./...
+        run: |
+          set -euo pipefail
+          go install github.com/securego/gosec/v2/cmd/gosec@v2.22.4
+          gosec ./...
 
       - name: Run govulncheck
         uses: golang/govulncheck-action@v1.0.4
-        env:
-          GOTOOLCHAIN: auto
         with:
           go-package: ./...
           cache: true
diff --git a/.gitea/workflows/push-validation.yml b/.gitea/workflows/push-validation.yml
index 939b3b6..1f47217 100644
--- a/.gitea/workflows/push-validation.yml
+++ b/.gitea/workflows/push-validation.yml
@@ -45,9 +45,10 @@ jobs:
           go mod verify
 
       - name: Run gosec security analysis
-        uses: securego/gosec@v2.22.4
-        with:
-          args: ./...
+        run: |
+          set -euo pipefail
+          go install github.com/securego/gosec/v2/cmd/gosec@v2.22.4
+          gosec ./...
 
       - name: Run govulncheck
         uses: golang/govulncheck-action@v1.0.4