diff --git a/.github/workflows/terraform.yaml b/.github/workflows/terraform.yaml index 15638d3..ffda773 100644 --- a/.github/workflows/terraform.yaml +++ b/.github/workflows/terraform.yaml @@ -55,10 +55,6 @@ on: description: Enforce tflint warnings for changed files by default type: boolean default: false - default_runner_override_label: - description: Change this to "self-hosted" or "ubuntu-latest" - type: string - default: "ubuntu-latest" runner_label: description: Runner label to point to self hosted runners type: string @@ -81,9 +77,11 @@ jobs: if: github.ref_name != 'main' name: Format and Validate runs-on: - - ${{ inputs.default_runner_override_label }} - ${{ inputs.runner_label }} steps: + - name: Install missing binaries zip jq curl + run: sudo apt-get update && sudo apt-get install zip jq curl git -y + - name: Checkout uses: actions/checkout@v3 with: @@ -94,6 +92,11 @@ jobs: with: python-version: '3.11' + - name: Setup Node only for self-hosted runners + uses: actions/setup-node@v3 + with: + node-version: 19 + - run: mkdir -p "${TF_PLUGIN_CACHE_DIR}" - name: Cache Terraform uses: actions/cache@v3 @@ -106,12 +109,6 @@ jobs: path: ~/.tflint.d/plugins key: ${{ runner.os }}-tflint-${{ hashFiles('**/.tflint.hcl') }} - - name: Setup Node only for self-hosted runners - uses: actions/setup-node@v3 - if: ${{ inputs.default_runner_override_label == 'self-hosted' }} - with: - node-version: 18 - - name: Setup Terraform uses: hashicorp/setup-terraform@v2 with: @@ -179,9 +176,11 @@ jobs: name: Linting if: github.ref_name != 'main' runs-on: - - ${{ inputs.default_runner_override_label }} - ${{ inputs.runner_label }} steps: + - name: Install missing binaries zip jq curl + run: sudo apt-get update && sudo apt-get install zip jq curl git -y + - name: Checkout uses: actions/checkout@v3 with: 
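Review bot: The new "Install missing binaries zip jq curl" step in the Format and Validate job (`@@ -81,9 +77,11 @@`) runs `sudo apt-get update && sudo apt-get install ... -y` unconditionally, so every runner that picks up this job now needs passwordless sudo and pulls packages from apt mirrors at job time, while on GitHub-hosted Ubuntu images these four tools are already present and the step only adds time and an extra network dependency. The step name says "missing", so make the step match it: `run: command -v zip jq curl git >/dev/null || (sudo apt-get update && sudo apt-get install -y zip jq curl git)`, or guard it with an `if:` on `inputs.runner_label` if the self-hosted label is known. The same step is added identically to the Linting job in `@@ -179,9 +176,11 @@`. Since `default_runner_override_label` is dropped from the `runs-on` list here and removed from the `on:` inputs in the first hunk, callers that still pass that input will presumably fail workflow validation if this is a `workflow_call` workflow; that breaking change deserves a line in the commit message or changelog. The job definitions begin and end outside these hunks.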
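Review bot: The step added in `@@ -94,6 +92,11 @@` is still named "Setup Node only for self-hosted runners", but the `if: ${{ inputs.default_runner_override_label == 'self-hosted' }}` guard that the old step carried (removed in `@@ -106,12 +109,6 @@`) is gone, so it now runs on every runner and the name misleads the next reader; rename it to `- name: Setup Node` or restore a condition. `node-version: 19` selects a Node line that is already past end-of-life and receives no security fixes; an LTS line such as `node-version: '20'` is the safer choice, and quoting it also matches the `python-version: '3.11'` style used two lines above. The same step and version appear in the Linting job in `@@ -192,6 +191,11 @@`. As a smaller point, `actions/setup-node@v3` follows the file's existing mutable-tag convention; pinning third-party actions to a commit SHA would reduce supply-chain exposure, but that is a file-wide decision rather than something specific to this hunk.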
@@ -192,6 +191,11 @@ jobs: with: python-version: '3.11' + - name: Setup Node only for self-hosted runners + uses: actions/setup-node@v3 + with: + node-version: 19 + - run: mkdir -p "${TF_PLUGIN_CACHE_DIR}" - name: Cache Terraform uses: actions/cache@v3 @@ -223,12 +227,6 @@ jobs: tflint_version: "v0.47.0" github_token: ${{ secrets.GITHUB_TOKEN }} - - name: Setup Node only for self-hosted runners - uses: actions/setup-node@v3 - if: ${{ inputs.default_runner_override_label == 'self-hosted' }} - with: - node-version: 19 - - name: Pre-init Hook run: ${{ inputs.pre_init_hook }} @@ -308,7 +306,6 @@ jobs: name: Security Checks if: github.ref_name != 'main' runs-on: - - ${{ inputs.default_runner_override_label }} - ${{ inputs.runner_label }} steps: - name: Checkout @@ -318,9 +315,9 @@ jobs: submodules: ${{ inputs.enable_submodules }} - name: Run Trivy vulnerability scanner in IaC mode - uses: aquasecurity/trivy-action@0.12.0 + uses: aquasecurity/trivy-action@0.20.0 with: - scan-type: 'config' + scan-type: 'fs' hide-progress: false format: 'sarif' output: 'trivy-results.sarif' @@ -331,7 +328,7 @@ jobs: # https://github.com/aquasecurity/trivy/issues/5003 - name: Remove git from url for sarif uploading shell: bash - run: | + run: | sed -i 's#git::https:/##g' trivy-results.sarif - name: Upload Trivy scan results to GitHub Security tab
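Review bot: Switching `scan-type` from `'config'` to `'fs'` in `@@ -318,9 +315,9 @@` most likely turns off the misconfiguration checks this step exists for: unless I am mistaken, Trivy's default scanners for a filesystem scan are vulnerability and secret detection, and the action only passes `--scanners` when the `scanners` input is set, so with no `scanners:` line the Terraform IaC checks no longer run even though the step is still named "Run Trivy vulnerability scanner in IaC mode". Add `scanners: 'misconfig'` under `with:` (or `'vuln,secret,misconfig'` if the new dependency and secret scanning is intended), and reflect the broadened scope in the step name. The surrounding Security Checks job begins and ends outside this hunk, and the SARIF post-processing in `@@ -331,7 +328,7 @@` is a whitespace-only change.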