diff --git a/.gitea/workflows/security.yml b/.gitea/workflows/security.yml
index 165d265..bca4495 100644
--- a/.gitea/workflows/security.yml
+++ b/.gitea/workflows/security.yml
@@ -8,13 +8,13 @@ on:
   schedule:
     - cron: '0 4 * * 1' # Mondays 04:00 UTC
 
-# Reusable workflows live in JonKazama-Hellion/security-workflows
-# (the security-workflows repo is in the personal account, not in either org).
+# Reusable workflow lives in JonKazama-Hellion/security-workflows.
+# It runs Semgrep SAST + Trivy filesystem scan in parallel.
+# Inputs (all optional): severity, semgrep-config, semgrep-exclude-rules.
 jobs:
-  semgrep:
-    uses: JonKazama-Hellion/security-workflows/.gitea/workflows/semgrep.yml@main
-    # If you need to exclude specific rules or paths, drop a .semgrep-exclude.yml
-    # at the repo root. The reusable workflow honors it.
-
-  trivy:
-    uses: JonKazama-Hellion/security-workflows/.gitea/workflows/trivy.yml@main
+  scan:
+    uses: JonKazama-Hellion/security-workflows/.gitea/workflows/security-scan.yml@main
+    # Example overrides if you need them:
+    # with:
+    #   severity: 'CRITICAL'
+    #   semgrep-exclude-rules: 'csharp.lang.security.sqli.csharp-sqli'
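Review bot: The new `scan` job still references the reusable workflow by the mutable `@main` ref, so whoever can push to that branch of the personal-account repo can change what this security gate runs without any change visible here; pin it to an immutable ref and bump deliberately, e.g. `uses: JonKazama-Hellion/security-workflows/.gitea/workflows/security-scan.yml@<COMMIT_SHA_OR_TAG>  # pinned; update via PR`. The old comment about a repo-root `.semgrep-exclude.yml` is dropped and the new header only lists the `semgrep-exclude-rules` input, so it is unclear whether the file-based exclusion is still honored by `security-scan.yml`; if it is not, say so in the comment so existing exclusion files are not silently ignored. Collapsing `semgrep` and `trivy` into a single `scan` job presumably also changes the status-check names a branch protection rule may require; worth confirming those rules are updated alongside this change.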