diff --git a/.github/workflows/rl-secure.yml b/.github/workflows/rl-secure.yml
index 9a971fab7..6a1e5fd71 100644
--- a/.github/workflows/rl-secure.yml
+++ b/.github/workflows/rl-secure.yml
@@ -3,13 +3,15 @@ run-name: rl-scanner-only description: Workflow for scanning build artifacts with RL-Secure on: + merge_group: workflow_dispatch: push: - branches: [ "main" ] + branches: ['main'] pull_request_target: types: - opened - synchronize + jobs: checkout-build-scan-only: description: Checkout, build, and scan the project
@@ -21,21 +23,22 @@ jobs: steps: - uses: actions/checkout@v4 - + - name: Install npm dependencies run: npm install - - name: Build project - run: npm run build + - name: Create tgz build artifact + run: | + tar -czvf auth0-spa-js.tgz * - - name: Zip build artifact + - name: Verify tgz file run: | - zip -r auth0-spa-js.zip dist + ls -la packages - name: Create build artifact id: output_build_artifact run: | - echo "scanfile=auth0-spa-js.zip" >> $GITHUB_OUTPUT + echo "scanfile=auth0-spa-js.tgz" >> $GITHUB_OUTPUT - name: Scan packages with rl-secure id: scan
@@ -45,7 +48,6 @@ jobs: uses: reversinglabs/gh-action-rl-scanner-only@v1 with: artifact-to-scan: ${{ steps.output_build_artifact.outputs.scanfile }} - report-path: "My_Report_Dir" - name: Get the scan status output if: success() || failure()
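Review bot: The new `merge_group:` trigger in the first hunk has no comment saying which commit each event scans, and here the difference matters. The checkout step in the second hunk has no `ref:`, so a `pull_request_target` run checks out the base branch rather than the pull request head, while a `merge_group` run checks out the merge-queue candidate. I would add a comment above the trigger: `# merge_group: scans the merge-queue candidate; pull_request_target runs scan the base branch, not the PR head`. The job definition continues outside this hunk, so whether a `permissions:` block limits the token for the added event cannot be confirmed from here.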
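Review bot: In the second hunk the scanned archive no longer contains the build output. The `npm run build` step is removed and `tar -czvf auth0-spa-js.tgz *` packs the whole workspace after `npm install`, so it includes `node_modules` and skips dotfiles. If the scan is meant to cover what is published, keep `run: npm run build` and archive the output with `tar -czf auth0-spa-js.tgz dist`. The "Verify tgz file" step runs `ls -la packages`, which never inspects the archive and fails the job if that directory is absent; `tar -tzf auth0-spa-js.tgz > /dev/null` would check it. The steps list starts and continues outside this hunk.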