diff --git a/.forgejo/workflows/audit.yml b/.forgejo/workflows/audit.yml
index 9a5fcfb..b98bf6b 100644
--- a/.forgejo/workflows/audit.yml
+++ b/.forgejo/workflows/audit.yml
@@ -12,11 +12,12 @@ on:
       - '**/Cargo.toml'
       - '**/Cargo.lock'
       - 'deny.toml'
+  pull_request:
+    branches: [main]
 jobs:
   security_audit:
     runs-on: native
     steps:
       - uses: actions/checkout@v4
-      - uses: https://github.com/taiki-e/install-action@cargo-deny
       - name: Scan for vulnerabilities
-        run: cargo deny check
+        run: nix develop --accept-flake-config --command cargo deny check