diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
index 95c22ec0..db0ef316 100644
--- a/.github/workflows/codeql-analysis.yaml
+++ b/.github/workflows/codeql-analysis.yaml
@@ -3,26 +3,23 @@ name: CodeQL
 on:
 pull_request:
- types: [opened, synchronize]
+ branches: [main]
+ types: [opened, synchronize, reopened, ready_for_review]
 push:
- branches: [main, 'renovate/**']
+ branches: [main]
 schedule:
 - cron: '31 7 * * 3' # Every Wednesday at 7:31am UTC
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.event.number || github.ref }}
- cancel-in-progress: true
+ workflow_dispatch:
 permissions:
 contents: read
 jobs:
 analyze:
- env:
- language: javascript
 name: Analyze
 runs-on: ubuntu-latest
 permissions:
+ actions: read
 security-events: write
 steps:
@@ -32,7 +29,8 @@ jobs:
 - name: Initialize CodeQL
 uses: github/codeql-action/init@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
 with:
- languages: ${{ env.language }}
+ languages: javascript
+ queries: +security-and-quality
 - name: Autobuild
 uses: github/codeql-action/autobuild@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
@@ -40,4 +38,4 @@ jobs:
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@89a39a4e59826350b863aa6b6252a07ad50cf83e # v4.32.4
 with:
- category: '/language:${{ env.language }}'
+ category: '/language:javascript'
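Review bot: The `analyze` job's `permissions` block gains `actions: read` but still lists no `contents: read`, and a job-level block replaces the workflow-level one instead of merging with it, so the top-level `contents: read` does not reach this job and every scope not named there is `none`. `actions: read` is the scope GitHub's CodeQL starter workflow marks as required only for private repositories, and that template lists `contents: read` next to it; if this repository is private, the checkout step (in `steps:`, outside this hunk) would presumably need it. I would add `contents: read` under the job's `permissions`, or a comment such as `# contents not needed: public repository` if the omission is deliberate. Separately, the removed `concurrency` group means superseded runs on a pull request are no longer cancelled, which deserves a line in the commit message if intended.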
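Review bot: `queries: +security-and-quality` in the Initialize CodeQL step brings maintainability and reliability queries into the same code-scanning results as the security queries, which usually raises alert volume and can push security findings down the triage list. If the goal is broader security coverage only, `queries: +security-extended` is the narrower built-in suite. If the quality alerts are wanted, a comment above the key such as `# quality queries included deliberately alongside the security suite` would record that decision for the next maintainer.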