diff --git a/.github/workflows/merge-main.yml b/.github/workflows/merge-main.yml index 3e7bfb69..6d70a190 100644 --- a/.github/workflows/merge-main.yml +++ b/.github/workflows/merge-main.yml @@ -85,7 +85,6 @@ jobs: oc_server: ${{ secrets.OC_SERVER }} oc_token: ${{ secrets.OC_TOKEN }} overwrite: false - penetration_test: false parameters: -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} deploy-test-backend: @@ -106,7 +105,6 @@ jobs: oc_server: ${{ secrets.OC_SERVER }} oc_token: ${{ secrets.OC_TOKEN }} overwrite: true - penetration_test: true parameters: -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} -p PROMOTE=${{ github.repository }}/backend:${{ env.ZONE }} @@ -137,7 +135,6 @@ jobs: oc_server: ${{ secrets.OC_SERVER }} oc_token: ${{ secrets.OC_TOKEN }} overwrite: false - penetration_test: false parameters: -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} deploy-prod-backend: @@ -159,7 +156,6 @@ jobs: oc_server: ${{ secrets.OC_SERVER }} oc_token: ${{ secrets.OC_TOKEN }} overwrite: true - penetration_test: true parameters: -p ZONE=${{ env.ZONE }} -p NAME=${{ github.event.repository.name }} -p PROMOTE=${{ github.repository }}/backend:${{ env.PREV }} diff --git a/.github/workflows/pr-open.yml b/.github/workflows/pr-open.yml index 03f75d2c..02e329ce 100644 --- a/.github/workflows/pr-open.yml +++ b/.github/workflows/pr-open.yml @@ -2,6 +2,7 @@ name: Pull Request on: pull_request: + workflow_dispatch: concurrency: # PR open and close use the same group, allowing only one at a time diff --git a/.github/workflows/scheduled.yml b/.github/workflows/scheduled.yml new file mode 100644 index 00000000..59c2faa3 --- /dev/null +++ b/.github/workflows/scheduled.yml 
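Review bot: Nothing visible in the pr-open.yml hunk accounts for runs that have no `pull_request` event, which the added `workflow_dispatch:` trigger now allows. The jobs and the concurrency group lie outside the hunk; if they read `github.event.number` or `github.event.pull_request.*` (the comment about PR open and close sharing a group suggests they might), those values are empty on a manual run. Deployments could then be named with an empty zone, and every manual run would land in the same concurrency group. Either guard the PR-only jobs with `if: github.event_name == 'pull_request'`, or add a comment beside the trigger stating what a manual run is meant to do.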
@@ -0,0 +1,23 @@ +name: Scheduled + +on: + schedule: [cron: "0 11 * * 6"] # 3 AM PST = 12 PM UDT, Saturdays + workflow_dispatch: + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +jobs: + zap_scan: + runs-on: ubuntu-latest + name: Penetration Tests + steps: + - name: ZAP Scan + uses: zaproxy/action-full-scan@v0.8.0 + with: + allow_issue_writing: true + artifact_name: "zap_backend" + cmd_options: "-a" + issue_title: "ZAP: backend" + target: https://${{ github.event.repository.name }}-test-backend.apps.silver.devops.gov.bc.ca diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml index afb124c8..97943479 100644 --- a/.github/workflows/unit-tests.yml +++ b/.github/workflows/unit-tests.yml @@ -2,16 +2,9 @@ name: Unit Tests and Analysis on: pull_request: - types: - - opened - - reopened - - synchronize - - ready_for_review + types: [opened, reopened, synchronize, ready_for_review, converted_to_draft] push: - branches: - - main - paths-ignore: - - "**.md" + branches: [main] workflow_dispatch: concurrency:
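Review bot: The `zap_scan` job in scheduled.yml declares no `permissions:`, so with `allow_issue_writing: true` the third-party action runs on whatever default token scope the repository has. A job-level `permissions: {issues: write}` would scope it down (confirm the action needs nothing more). `uses: zaproxy/action-full-scan@v0.8.0` is pinned to a mutable tag; pinning to a full commit SHA with the tag as a trailing comment, `uses: zaproxy/action-full-scan@<full-commit-sha> # v0.8.0`, removes the risk of the tag being moved. The cron comment is also inconsistent: `0 11 * * 6` is 11:00 UTC, which matches 3 AM PST but not "12 PM UDT". With the `penetration_test` inputs removed in merge-main.yml, scanning becomes weekly and targets only the test backend, so a change can reach prod before any scan has seen it; that trade-off deserves a line in the workflow or the commit message.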
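Review bot: Two behaviour changes ride along with the restyle in the unit-tests.yml hunk and neither is documented: `paths-ignore` for `"**.md"` is gone from the `push` trigger, and `converted_to_draft` is added to the PR types. Markdown-only pushes to main will now run the full test and analysis jobs, and converting a PR to draft starts a run with no code change. The jobs and the `concurrency:` block continue outside the hunk, so if they are gated on draft state this is probably intended, and a comment above `types:` such as `# converted_to_draft: re-run so draft gating is re-evaluated` would record why. If skipping docs-only pushes is still wanted, keep `paths-ignore: ["**.md"]` under `push:`.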