diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 14f965ce..c82c0b08 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -8,7 +8,8 @@ on:
       - "charts/**"
 
 # Declare default permissions as read only.
-permissions: read-all
+permissions:
+  contents: read
 
 jobs:
   release:
@@ -78,14 +79,36 @@ jobs:
           kubescape scan framework nsa --format=html --output=kubescape-reports/nsa.html charts/
           kubescape scan framework mitre --format=html --output=kubescape-reports/mitre.html charts/
 
-      - name: Update gh-pages branch
+      - name: "Upload kubescape reports"
+        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        with:
+          name: kubescape-reports
+          path: kubescape-reports/
+          retention-days: 5
+
+  update-kubescape-reports:
+    runs-on: ubuntu-24.04
+    container: ghcr.io/chgl/kube-powertools:v2.3.34@sha256:153b27c2b222c9f5f47e09aa3c56e284834c5221a8f59fd2aefd77c91180c2ae
+    permissions:
+      contents: write
+    needs:
+      - release
+    steps:
+      - name: Add workspace as safe directory
         run: |
-          git fetch origin
-          git config pull.ff only
-          git pull origin gh-pages
+          git config --global --add safe.directory /__w/charts/charts
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: gh-pages
+
+      - name: Download reports
+        uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
+        with:
+          name: kubescape-reports
 
       - uses: EndBug/add-and-commit@a94899bca583c204427a224a7af87c02f9b325d5 # v9.1.4
         with:
           add: "kubescape-reports/"
           message: "docs: updated kubescape reports"
-          new_branch: gh-pages
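Review bot: Narrowing the workflow default from `read-all` to `contents: read` silently removes every other token scope from jobs that do not declare their own `permissions:` block, and the `release` job's header is outside this hunk, so it is worth confirming in the same change that it still declares whatever it needs beyond `contents` (the second hunk shows it only uploading an artifact, which needs no extra scope, but its earlier steps are not visible here). A one-line comment next to the new block would make the intent durable, e.g. `# Job-level permissions must opt in to anything beyond contents: read.`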
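Review bot: The new `Download reports` step passes only `name: kubescape-reports` to actions/download-artifact, with no `path:`, while the artifact was uploaded from `path: kubescape-reports/`; if I read the v4 root-stripping correctly, the HTML files are extracted to the workspace root rather than into `kubescape-reports/`, so the following `add: "kubescape-reports/"` would commit nothing new to gh-pages. Adding `path: kubescape-reports` under that step's `with:` should restore the intended layout; please verify against a run's file listing. Separately, `git config --global --add safe.directory /__w/charts/charts` hard-codes the container checkout path; `git config --global --add safe.directory "$GITHUB_WORKSPACE"` expresses the same thing without tying the job to the repository name, assuming the variable resolves to the container path here. The job-scoped `contents: write`, the digest-pinned container image and the SHA-pinned actions are the right shape for a job that pushes to a branch.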