diff --git a/.gitea/workflows/ci.yml b/.gitea/workflows/ci.yml index 9ce78f6..d3a74ef 100644 --- a/.gitea/workflows/ci.yml +++ b/.gitea/workflows/ci.yml @@ -2,11 +2,10 @@ name: CI/CD Awesome Pipeline on: push: - branches: [main] tags: - 'v*.*.*' - pull_request: - branches: [main] + +workflow_dispatch: env: REGISTRY_URL: ${{ vars.REGISTRY_URL || 'gitea.iswearihadsomethingforthis.net' }} @@ -45,12 +44,10 @@ jobs: with: images: gitea.iswearihadsomethingforthis.net/francwa/${{ steps.config.outputs.image_name }} tags: | - # Case 1 - Git Tag (v1.2.3) + # Tagged (v1.2.3) type=semver,pattern={{ version }} - # Case 2 - Push on main + # Latest type=raw,value=latest,enable={{ is_default_branch }} - # Both case - Commit sha - type=sha - name: Login to Gitea Registry uses: docker/login-action@v3 @@ -81,4 +78,11 @@ jobs: # Unset the fake GITHUB_TOKEN injected by Gitea GITHUB_TOKEN: "" with: - args: image --format table --exit-code 1 --ignore-unfixed --severity CRITICAL,HIGH gitea.iswearihadsomethingforthis.net/francwa/${{ steps.config.outputs.image_name }}:latest + args: image --format table --output trivy-report.txt --exit-code 0 --ignore-unfixed --severity CRITICAL,HIGH gitea.iswearihadsomethingforthis.net/francwa/${{ steps.config.outputs.image_name }}:latest + + - name: 📤 Upload Security Report + uses: actions/upload-artifact@v4 + with: + name: security-report + path: trivy-report.txt + retention-days: 7
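Review bot: The added `workflow_dispatch:` line in the first hunk appears to start at column 0, which would make it a top-level key rather than an entry under `on:`, so the manual trigger would never be registered; the whitespace on this page is collapsed, so confirm against the file. It should be nested at the same indent as `push:`, i.e. `  workflow_dispatch:`. Separately, dropping `pull_request` means the build and the Trivy step no longer run before merge, so a vulnerable base image or dependency is first seen at tag time. If that is intended, a comment above `on:` such as `# Release-only pipeline: runs on version tags and manual dispatch; PRs are not built or scanned here.` would make it explicit.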
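Review bot: Removing `type=sha` from the `tags:` list in the second hunk leaves images reachable only through `latest` and the semver tag, both of which can be re-pointed in the registry; a manually dispatched run from the default branch would publish `latest` alone, with nothing tying the image to a commit. Keeping `type=sha` gives every pushed image an identifier that maps back to source, which rollback and incident response depend on. If the removal is deliberate (for example to limit registry growth), a comment such as `# No sha tag: only releases are kept; trace images via the semver tag.` would record that. The metadata step this list belongs to starts outside the hunk.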
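Review bot: Changing `--exit-code 1` to `--exit-code 0` in the scan `args` turns the CRITICAL/HIGH gate into a report-only step, so a release with known fixable vulnerabilities now passes and the only record is an artifact that expires after 7 days. The report can be kept without losing the gate: leave `--exit-code 1` on the scan and add `if: always()` to the upload step so `trivy-report.txt` is still uploaded when the scan fails. If non-blocking is intended for now, a comment like `# TODO: restore --exit-code 1 once the baseline is clean` would make that explicit. The scan also targets the mutable `:latest` tag rather than the tag or digest produced by this run, so it may not be scanning the image just built; the build step is outside the hunk, so this is worth confirming.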