diff --git a/.github/workflows/ci-pr.yml b/.github/workflows/ci-pr.yml
index d211270c47..1ba1d91119 100644
--- a/.github/workflows/ci-pr.yml
+++ b/.github/workflows/ci-pr.yml
@@ -3,6 +3,12 @@ name: CI PRs
 on:
   pull_request:
+env:
+  ENABLE_SECURITY_SCAN: ${{ vars.ENABLE_SECURITY_SCAN }}
+  TRIVY_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-db,aquasec/trivy-db,ghcr.io/aquasecurity/trivy-db
+  TRIVY_JAVA_DB_REPOSITORY: public.ecr.aws/aquasecurity/trivy-java-db,aquasec/trivy-java-db,ghcr.io/aquasecurity/trivy-java-db
+
+
 jobs:
   build:
     runs-on: ubuntu-latest
@@ -31,6 +37,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
       - name: Run Trivy vulnerability scanner in repo mode
+        if: ${{ env.ENABLE_SECURITY_SCAN == 'true' }}
         uses: aquasecurity/trivy-action@master
         with:
           scan-type: 'fs'
@@ -38,6 +45,7 @@ jobs:
           format: 'table'
           severity: 'CRITICAL,HIGH'
       - name: 'Scanned'
+        if: ${{ env.ENABLE_SECURITY_SCAN == 'true' }}
         shell: bash
         run: echo "::info ::Scanned"
   done:
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0e2a0c20b0..a940121cfa 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -5,7 +5,7 @@ on:
   inputs:
     enableSecurityScan:
       type: boolean
-      default: false
+      default: ${{ vars.ENABLE_SECURITY_SCAN == 'true' }}
       description: 'Enable security scan with Trivy'
   push:
     branches:
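Review bot: With `ENABLE_SECURITY_SCAN: ${{ vars.ENABLE_SECURITY_SCAN }}` the PR scan becomes opt-in and is silently skipped whenever the repository variable is unset: the env value is then an empty string, so the `if: ${{ env.ENABLE_SECURITY_SCAN == 'true' }}` guards added to the Trivy step and the Scanned step (second and third hunks) both evaluate to false and the pipeline goes green without a scan and without saying so. If the intent is opt-out, invert the guard to `if: ${{ env.ENABLE_SECURITY_SCAN != 'false' }}`; if opt-in is intended, add a step for the skipped case that runs `echo "::warning::Trivy scan skipped because ENABLE_SECURITY_SCAN is not 'true'"` so the omission is visible in the job log. The mirror lists also deserve a comment above `TRIVY_DB_REPOSITORY`, e.g. `# Fallback registries for the Trivy DBs, comma-separated; presumably for resilience against registry rate limits`, and as far as I recall comma-separated repositories need a recent Trivy, which `trivy-action@master` presumably ships but a pinned action version would make explicit. The two added blank lines before `jobs:` appear to be one more than the file's other stanza gaps and can be trimmed.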
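Review bot: `default: ${{ vars.ENABLE_SECURITY_SCAN == 'true' }}` sits inside `on.workflow_dispatch.inputs`, where, as far as I know, GitHub Actions does not evaluate expressions for input defaults (the context-availability table lists `vars` for `workflow_call` input defaults, not `workflow_dispatch`), so the value would be taken as a literal string, which for a `type: boolean` input is either rejected at workflow validation or coerced to false and silently reverts to the old behavior. Keeping `default: false` and consulting the variable where contexts are available, e.g. `if: ${{ inputs.enableSecurityScan || vars.ENABLE_SECURITY_SCAN == 'true' }}` on the scanning job, achieves the intent reliably. Please confirm by dispatching the workflow manually and checking the rendered default in the form. The enclosing `on:` block starts and ends outside the hunk.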