diff --git a/.github/workflows/fossa.yaml b/.github/workflows/fossa.yaml
index 9b502e3..01bc9f3 100644
--- a/.github/workflows/fossa.yaml
+++ b/.github/workflows/fossa.yaml
@@ -2,8 +2,10 @@ name: Run Fossa Scan
 on:
 push:
- tags:
- - '*'
+ branches:
+ - "v1.29"
+ # For manual scans.
+ workflow_dispatch:
 jobs:
 fossa:
@@ -11,21 +13,18 @@ jobs:
 permissions:
 contents: read
 id-token: write # needed for the Vault authentication
- continue-on-error: true # we know that fossa test will report errors
 steps:
- - name: Load Secrets from Vault
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Read FOSSA token
 uses: rancher-eio/read-vault-secrets@main
 with:
 secrets: |
- secret/data/github/repo/${{ github.repository }}/fossa/credentials token | FOSSA
- - name: Checkout Repo
- uses: actions/checkout@v4
- - name: Run Fossa analyze
- uses: fossas/fossa-action@v1.3.3
- with:
- api-key: ${{ env.FOSSA }}
- - name: Run Fossa test
- uses: fossas/fossa-action@v1.3.3
+ secret/data/github/org/rancher/fossa/push token | FOSSA_API_KEY_PUSH_ONLY
+
+ - name: FOSSA scan
+ uses: fossas/fossa-action@main
 with:
- api-key: ${{ env.FOSSA }}
- run-tests: true
+ api-key: ${{ env.FOSSA_API_KEY_PUSH_ONLY }}
+ run-tests: false
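Review bot: The added `workflow_dispatch:` trigger in the `on:` hunk carries no ref restriction, so a manual run can be started from any branch or tag that contains this workflow file, while the `push` trigger is limited to `v1.29`. The job holds `id-token: write` and reads an org-level FOSSA token, so if manual scans are only meant for the release branch, add a job-level guard such as `if: github.event_name == 'push' || github.ref == 'refs/heads/v1.29'`. Whether the Vault role already restricts access by ref is not visible here. A short comment on the `branches:` entry saying why only `v1.29` is scanned would also help whoever cuts the next release branch.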
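Review bot: The scan step in the `steps:` hunk now uses `fossas/fossa-action@main`, a mutable branch ref, where the removed steps used the tag `v1.3.3`; whatever lands on that branch next runs in this job with `FOSSA_API_KEY_PUSH_ONLY` passed as an input. `rancher-eio/read-vault-secrets@main` on the unchanged context line has the same property and runs with `id-token: write`. Pin both to a full commit SHA, for example `uses: fossas/fossa-action@<full-commit-sha> # <release tag>`. Because checkout now runs before these steps, also give the `Checkout` step a `with:` block containing `persist-credentials: false`, so the job token is not left in `.git/config` for the later actions. The job header (`fossa:`, `runs-on`) lies outside the hunk.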