diff --git a/.github/workflows/ci-static-analysis.yml b/.github/workflows/ci-static-analysis.yml
index eb63c7eac..fbb058076 100644
--- a/.github/workflows/ci-static-analysis.yml
+++ b/.github/workflows/ci-static-analysis.yml
@@ -32,7 +32,6 @@ jobs:
 runs-on: ubuntu-24.04
 permissions:
 contents: read
- security-events: write
 steps:
 - name: Checkout
 uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
@@ -41,18 +40,13 @@ jobs:
 - name: Set up uv
 uses: astral-sh/setup-uv@08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0
 - name: Export all requirements from lockfile
- run: uv export --all-groups --format requirements-txt -o /tmp/requirements-all.txt
+ run: |
+ uv export --all-groups --format requirements-txt -o /tmp/requirements-all.txt
+ grep -v " @ git+" /tmp/requirements-all.txt > /tmp/requirements-auditable.txt
 - name: Run pip-audit
 uses: pypa/gh-action-pip-audit@1220774d901786e6f652ae159f7b6bc8fea6d266 # v1.1.0
 with:
- inputs: /tmp/requirements-all.txt
- format: sarif
- output: results.sarif
- - name: Upload results to GitHub code scanning
- uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
- if: always()
- with:
- sarif_file: results.sarif
+ inputs: /tmp/requirements-auditable.txt
 semgrep:
 name: Semgrep CE
 runs-on: ubuntu-24.04
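Review bot: The `grep -v " @ git+"` filter in the new `run: |` block silently drops every git-sourced dependency from the audit input, so those packages are no longer covered by pip-audit and nothing in the job records which ones were skipped. A comment above that line should state the reason (presumably pip-audit cannot resolve VCS pins) and the resulting gap, e.g. `# pip-audit cannot check VCS pins; git+ entries are skipped here, not audited`, and echoing the excluded lines keeps the gap visible in the log: `grep " @ git+" /tmp/requirements-all.txt || true`. The step is still named `Export all requirements from lockfile` although it now also filters the export; the name or a comment should say so. With the SARIF `format`/`output` and the upload-sarif step removed here and `security-events: write` dropped in the first hunk, findings now surface only as a failed pip-audit step rather than in code scanning, which is worth noting in the workflow so nobody expects alerts there.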