diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index ae3695db293..3832f95c303 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -14,6 +14,7 @@ on:
   # push:
   #   branches: [ "main" ]
   workflow_dispatch:
+  pull_request:
 
 # Declare default permissions as read only.
 permissions: read-all
@@ -38,7 +39,7 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # tag=v2.0.6
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
         with:
           results_file: results.sarif
           results_format: sarif