diff --git a/.github/workflows/zizmor.yml b/.github/workflows/zizmor.yml
new file mode 100644
index 0000000..e7b60b2
--- /dev/null
+++ b/.github/workflows/zizmor.yml
@@ -0,0 +1,30 @@
+name: Zizmor Security Scan
+
+on:
+  push:
+    branches: [main]
+    paths:
+      - ".github/workflows/**"
+  pull_request:
+    paths:
+      - ".github/workflows/**"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  zizmor-scan:
+    runs-on: ubuntu-latest
+    name: Zizmor GitHub Actions Security Scan
+    permissions:
+      contents: read
+      security-events: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Run zizmor security scan
+        run: uvx zizmor --persona=pedantic --min-severity=medium --min-confidence=medium --format=github .github/workflows/
+        continue-on-error: true
diff --git a/.github/workflows/zizmor_sarif.yml b/.github/workflows/zizmor_sarif.yml
deleted file mode 100644
index 405dfd3..0000000
--- a/.github/workflows/zizmor_sarif.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-name: Zizmor Security Scan
-
-on:
-  push:
-    branches: [main]
-    paths:
-      - ".github/workflows/**"
-  pull_request:
-    paths:
-      - ".github/workflows/**"
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  zizmor-scan:
-    runs-on: ubuntu-latest
-    name: Zizmor GitHub Actions Security Scan
-    permissions:
-      contents: read
-      security-events: write
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@v4
-
-      - name: Install Rust and zizmor
-        run: |
-          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
-          source ~/.cargo/env
-          cargo install zizmor
-
-      - name: Run zizmor security scan
-        run: |
-          source ~/.cargo/env
-          zizmor --persona=pedantic --min-severity=medium --min-confidence=medium --format=sarif .github/workflows/ > zizmor.sarif
-        continue-on-error: true
-
-      - name: Upload SARIF results to GitHub
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: zizmor.sarif
-          category: zizmor
-        if: always()
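Review bot: The job still grants `security-events: write` although the SARIF upload step that needed it was removed together with zizmor_sarif.yml, so the scan now carries a write scope it never uses; drop that line and keep only `contents: read` (the top-level `permissions:` block already provides it, so the job-level block can go entirely). The checkout step should also set `with: persist-credentials: false`, since the job only reads `.github/workflows/` and zizmor's own artipacked audit is likely to flag the persisted token otherwise. With `continue-on-error: true` and `--format=github` the findings surface only as annotations and the job never fails, so if the scan is meant to gate merges that line should be removed. `uvx zizmor` also resolves the newest release on every run; pinning it as `uvx zizmor==<VERSION>` keeps the scan reproducible.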
diff --git a/zizmor.sarif b/zizmor.sarif
deleted file mode 100644
index a21b6ca..0000000
--- a/zizmor.sarif
+++ /dev/null
@@ -1,24 +0,0 @@
-{
-  "$schema": "https://docs.oasis-open.org/sarif/sarif/v2.1.0/os/schemas/sarif-schema-2.1.0.json",
-  "runs": [
-    {
-      "invocations": [
-        {
-          "executionSuccessful": true
-        }
-      ],
-      "results": [],
-      "tool": {
-        "driver": {
-          "downloadUri": "https://github.com/zizmorcore/zizmor",
-          "informationUri": "https://docs.zizmor.sh",
-          "name": "zizmor",
-          "rules": [],
-          "semanticVersion": "1.8.0",
-          "version": "1.8.0"
-        }
-      }
-    }
-  ],
-  "version": "2.1.0"
-}
\ No newline at end of file
diff --git a/zizmor.yml b/zizmor.yml
new file mode 100644
index 0000000..4241b39
--- /dev/null
+++ b/zizmor.yml
@@ -0,0 +1,6 @@
+rules:
+  unpinned-uses:
+    config:
+      policies:
+        actions/*: ref-pin
+        github/*: ref-pin
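Review bot: The `ref-pin` policy for `actions/*` and `github/*` accepts mutable tag refs such as `@v4`, so a moved or retagged release would still pass the unpinned-uses audit; if the goal is supply-chain integrity rather than "some ref is present", `hash-pin` is the stricter choice, and if `ref-pin` is deliberate the file should say why, e.g. `# GitHub-owned actions may be tag-pinned; everything else must be SHA-pinned`. Please also confirm that zizmor discovers this file when invoked as `uvx zizmor ... .github/workflows/` from the repository root; `.github/zizmor.yml` is the conventional location if it is not picked up. The glob keys contain a mid-string `*`, which YAML parses as a plain scalar, but quoting them (`"actions/*": ref-pin`) makes the intent unambiguous to readers and linters.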