diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml
index e157bed..dd4878a 100644
--- a/.github/workflows/checks.yml
+++ b/.github/workflows/checks.yml
@@ -1,4 +1,4 @@
-name: checks
+name: security
 on:
 pull_request:
@@ -14,7 +14,7 @@ permissions:
 contents: read
 jobs:
- security:
+ required:
 uses: ./.github/workflows/security.yml
 permissions:
 contents: read
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index f4a424e..c48c0c6 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -34,12 +34,23 @@ jobs:
 with:
 persist-credentials: false
- - uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
+ - name: Write zizmor config
+ run: |
+ cat > ./zizmor.yml <<'EOF'
+ rules:
+ dependabot-cooldown:
+ config:
+ days: 3
+ EOF
+
+ - name: Run zizmor
+ uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3
 with:
 persona: pedantic
+ config: ./zizmor.yml
- security:
- name: security
+ summary:
+ name: summary
 permissions: {}
 if: always()
 needs:
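Review bot: The `Write zizmor config` step sets `dependabot-cooldown` to `days: 3` with no stated reason, and as far as I know that is below zizmor's default minimum, so the audit now accepts shorter Dependabot cooldowns than it would out of the box. Because the file is generated at run time over `./zizmor.yml` after checkout, it also replaces any config committed at that path, and local zizmor runs will not see the same policy. I would record the rationale on the step, for example `# dependabot-cooldown relaxed to 3 days: <reason>; generated here because <why not a committed zizmor.yml>`, or commit the config file and point `config:` at it. The job's earlier steps and the `needs:` list of `summary` lie outside this hunk.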