diff --git a/.github/linters/semgrep/pull-request-target-code-checkout.yaml b/.github/linters/semgrep/pull-request-target-code-checkout.yaml
index 1348d505f6c368..a6186a753ab37c 100644
--- a/.github/linters/semgrep/pull-request-target-code-checkout.yaml
+++ b/.github/linters/semgrep/pull-request-target-code-checkout.yaml
@@ -47,6 +47,15 @@ rules:
             ...
             $JOBNAME:
               ...
+      - pattern-not-inside: |
+          needs: [..., permission-check, ...]
+          ...
+      - pattern-not-inside: |
+          needs:
+            ...
+            - permission-check
+            ...
+          ...
       - pattern-not-inside: |
           needs: [permission-check]
           ...
diff --git a/.github/workflows/docker-build-test.yaml b/.github/workflows/docker-build-test.yaml
index 6a7f0f15c40278..0d373bc32a036d 100644
--- a/.github/workflows/docker-build-test.yaml
+++ b/.github/workflows/docker-build-test.yaml
@@ -111,6 +111,7 @@ jobs:
 
   # This job determines which files were changed
   file_change_determinator:
+    needs: [permission-check]
     runs-on: ubuntu-latest
     outputs:
       only_docs_changed: ${{ steps.determine_file_changes.outputs.only_docs_changed }}
diff --git a/.github/workflows/semgrep.yaml b/.github/workflows/semgrep.yaml
index 320f35904f60e1..9505c7b3b2b9ca 100644
--- a/.github/workflows/semgrep.yaml
+++ b/.github/workflows/semgrep.yaml
@@ -4,6 +4,8 @@ on:
   workflow_dispatch:
   pull_request:
     types: [labeled, opened, synchronize, reopened, auto_merge_enabled]
+  schedule:
+    - cron: '0 * * * *'
 
 jobs:
   semgrep:
diff --git a/.github/workflows/ts-sdk-e2e-tests.yaml b/.github/workflows/ts-sdk-e2e-tests.yaml
index 8a4b53419af298..1a9c168e5dbbf3 100644
--- a/.github/workflows/ts-sdk-e2e-tests.yaml
+++ b/.github/workflows/ts-sdk-e2e-tests.yaml
@@ -34,6 +34,7 @@ jobs:
 
   # This job determines which files were changed
   file_change_determinator:
+    needs: [permission-check]
     runs-on: ubuntu-latest
     outputs:
       only_docs_changed: ${{ steps.determine_file_changes.outputs.only_docs_changed }}