diff --git a/.github/workflows/owasp.yaml b/.github/workflows/owasp.yaml
new file mode 100644
index 0000000000..e7e5b59cb5
--- /dev/null
+++ b/.github/workflows/owasp.yaml
@@ -0,0 +1,10 @@
+name: zap-scan
+on:
+ workflow_dispatch:
+ push:
+jobs:
+ zap-scan:
+ uses: button-inc/button-shared-gh-actions/.github/workflows/scan-code-owasp-zap.yml@develop
+ with:
+ working-directory: ./app
+ target-url: 'http://localhost:3000/applicantportal'
diff --git a/.github/workflows/sonarcloud.yaml b/.github/workflows/sonarcloud.yaml
index bc6eb1c7d5..793a561c52 100644
--- a/.github/workflows/sonarcloud.yaml
+++ b/.github/workflows/sonarcloud.yaml
@@ -1,7 +1,6 @@
 name: sonarcloud-scan
 on:
 workflow_dispatch:
- push:
 jobs:
 sonarcloud-scan:
 uses: button-inc/button-shared-gh-actions/.github/workflows/scan-code-sonarcloud.yml@develop
diff --git a/.github/workflows/test-containers.yaml b/.github/workflows/test-containers.yaml
index 6285fbc8bd..cb5788ee79 100644
--- a/.github/workflows/test-containers.yaml
+++ b/.github/workflows/test-containers.yaml
@@ -43,15 +43,7 @@ jobs:
 - name: run app locally
 uses: ./.github/actions/local-app-run
 - name: ZAP Full Scan
- uses: zaproxy/action-full-scan@v0.4.0
- with:
- token: ${{ secrets.GITHUB_TOKEN }}
- docker_name: 'owasp/zap2docker-stable'
- target: 'http://localhost:3000/applicantportal'
- rules_file_name: '.zap/rules.tsv'
- cmd_options: '-a -d -T 5 -m 2'
- issue_title: OWASP Full Scan
- fail_action: true
+ uses: ./.github/workflows/owasp.yaml
 trivy-scan-app:
 runs-on: ubuntu-latest
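Review bot: The new `zap-scan` job in owasp.yaml calls the shared workflow at the mutable ref `@develop`, so whatever lands on that branch runs on every push here with this repository's token and secrets. Pinning to a reviewed commit, `uses: button-inc/button-shared-gh-actions/.github/workflows/scan-code-owasp-zap.yml@<full-commit-sha>`, makes the scanner code auditable and immune to a later branch change. The file also declares no `permissions:` block, so the called workflow inherits the repository default token scope. A top-level `permissions:` with `contents: read` would bound it, plus `issues: write` only if the shared workflow files findings as issues, which is not visible from this diff.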
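Review bot: In test-containers.yaml the "ZAP Full Scan" step now has `uses: ./.github/workflows/owasp.yaml`, but a step-level `uses` resolves an action, not a workflow file. Reusable workflows are called at job level (`jobs.<job_id>.uses`), and the callee must declare `on: workflow_call`, which owasp.yaml as added in this commit does not. The step is therefore likely to fail to resolve, leaving this job without a working scan against the app started by the preceding `run app locally` step. The removed `rules_file_name: '.zap/rules.tsv'` and `fail_action: true` are not passed anywhere on the new side, so confirm the shared workflow still applies the rule file and fails the run on findings. Either drop this step and rely on the standalone workflow, or add `workflow_call:` under `on:` in owasp.yaml and invoke it as its own job. The enclosing job starts outside this hunk.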