diff --git a/.github/workflows/checkov.yml b/.github/workflows/checkov.yml
index 500d41d..1204be3 100644
--- a/.github/workflows/checkov.yml
+++ b/.github/workflows/checkov.yml
@@ -1,11 +1,35 @@
-name: Checkov
+name: checkov
 on:
+  push:
+    branches: [ "main"]
   pull_request:
+    branches: [ "main" ]
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+permissions: read-all
 jobs:
-  checkov:
+  scan:
+    permissions:
+      contents: read
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+
     runs-on: ubuntu-latest
+
     steps:
-      - uses: makandra/github-actions/checkov-terraform@main
+      - uses: actions/checkout@v3
+
+      - name: Checkov GitHub Action
+        uses: bridgecrewio/checkov-action@v12
+        with:
+          output_format: cli,sarif
+          output_file_path: console,results.sarif
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v2
+
+        if: success() || failure()
         with:
-          path: .
+          sarif_file: results.sarif
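Review bot: The three `uses:` lines in the new `scan` job reference mutable tags (`actions/checkout@v3`, `bridgecrewio/checkov-action@v12`, `github/codeql-action/upload-sarif@v2`), so a moved or re-tagged release silently changes what runs in a job that holds `security-events: write`. Pinning each to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha>  # v3`, makes the supply chain reproducible and still lets Dependabot propose updates; this is nonetheless a clear improvement over the removed `@main` reference. If pull requests from forks are expected, their `GITHUB_TOKEN` is read-only, so the SARIF upload step would likely fail for them regardless of the job-level `security-events: write` — worth documenting or guarding with a condition. Minor style point: `branches: [ "main"]` under `push:` and `branches: [ "main" ]` under `pull_request:` should use the same spacing.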