diff --git a/.github/workflows/code_scan.yml b/.github/workflows/code_scan.yml
index 335f5602..f7fda451 100644
--- a/.github/workflows/code_scan.yml
+++ b/.github/workflows/code_scan.yml
@@ -31,15 +31,15 @@ jobs:
 run: |
 pip install .
 pip freeze > requirements.txt
- - name: Trivy Scanning
+ - name: Run Trivy scan
 uses: aquasecurity/trivy-action@0.20.0
 with:
 scan-type: fs
 scan-ref: requirements.txt
- format: json
- output: .tox/trivy-scan-result.spdx.json
- - name: Upload Trivy results artifact
+ format: spdx-json
+ output: trivy-scan-results.spdx.json
+ - name: Upload Trivy scan results
 uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
 with:
 name: trivy-scan-results
- path: .tox/trivy-scan-results.spdx.json
+ path: trivy-scan-results.spdx.json
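Review bot: The renamed "Run Trivy scan" step still references `aquasecurity/trivy-action@0.20.0` by tag, while the upload step next to it is pinned to a full commit SHA. A tag can be moved to different code after review, so the scanner step should follow the same convention: `uses: aquasecurity/trivy-action@<full-commit-sha> # 0.20.0`, with the SHA resolved from the upstream release. Separately, `format: spdx-json` appears to make this step emit a package inventory rather than vulnerability findings, and no `exit-code` is set under `with:`, so the job presumably never fails on a vulnerable dependency; confirm that is intended, or add a second Trivy step that gates on severity. The step list begins above this hunk, so any gating done elsewhere in the job is not visible here.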