diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 5b0fbe2..4aba756 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -44,7 +44,7 @@ jobs:
         uses: auth0/devsecops-tooling/.github/actions/rl-scan@main
         with:
           artifact-name: "auth0-fastapi-api"
-          artifact-path: "auth0-fastapi-api.tgz"
+          artifact-path: "${{ github.workspace }}/auth0-fastapi-api.tgz"
           version: ${{ steps.get_version.outputs.version }}
           RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
           RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
@@ -59,7 +59,7 @@ jobs:
     if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
     name: "PyPI"
     runs-on: ubuntu-latest
-    # needs: rl-scanner
+    needs: rl-scanner
     environment: release
 
     steps: