diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index dd154cf..af3749d 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -29,7 +29,6 @@ on:
 permissions:
 contents: read
- security-events: write # For SARIF upload
 jobs:
 check-changes:
@@ -147,6 +146,7 @@ jobs:
 integration-tests:
 name: Integration Tests (${{ matrix.os }})
+ if: github.event_name == 'pull_request'
 runs-on: ${{ matrix.os }}
 needs: check-changes
 strategy:
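Review bot: The added `if: github.event_name == 'pull_request'` skips the whole integration matrix on every other trigger, and because `build` in the following hunk moves to `if: ${{ !failure() && !cancelled() }}` it now proceeds with a skipped integration job, so a push to the default branch (if this workflow also runs on push — the `on:` block is outside the hunk) is built without any integration coverage. If that is deliberate, say so next to the condition, e.g. `# Integration matrix runs only on PRs; push builds are covered by unit tests`. If it is not, widen the guard, e.g. `if: github.event_name == 'pull_request' || github.event_name == 'push'`. The integration-tests job (its strategy matrix and steps) continues outside the hunk.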
@@ -187,53 +187,11 @@ jobs:
 fi
 shell: bash
- security:
- name: Security Scan
- runs-on: ubuntu-latest
- needs: check-changes
-
- steps:
- - name: Skip if no code changes
- if: needs.check-changes.outputs.code-changed != 'true'
- run: |
- echo "No code changes detected, skipping security scan"
- exit 0
-
- - name: Checkout code
- if: needs.check-changes.outputs.code-changed == 'true'
- uses: actions/checkout@v6
-
- - name: Set up Go
- if: needs.check-changes.outputs.code-changed == 'true'
- uses: actions/setup-go@v6
- with:
- go-version: '1.25'
- cache: true
- cache-dependency-path: go.sum
-
- - name: Run Gosec Security Scanner
- if: needs.check-changes.outputs.code-changed == 'true'
- uses: securego/gosec@master
- with:
- args: '-no-fail -fmt sarif -out results.sarif ./...'
-
- - name: Fix SARIF format
- if: needs.check-changes.outputs.code-changed == 'true'
- run: |
- jq '.runs[].results[] |= if .fixes then .fixes |= map(select(.artifactChanges and (.artifactChanges | type == "array" and length > 0))) else . end' results.sarif > results-fixed.sarif
- mv results-fixed.sarif results.sarif
-
- - name: Upload SARIF file
- if: needs.check-changes.outputs.code-changed == 'true'
- uses: github/codeql-action/upload-sarif@v3
- with:
- sarif_file: results.sarif
- continue-on-error: true
-
 build:
 name: Build
 runs-on: ubuntu-latest
- needs: [check-changes, unit-tests, integration-tests, security]
+ needs: [check-changes, unit-tests, integration-tests]
+ if: ${{ !failure() && !cancelled() }}
 steps:
 - name: Skip if no code changes
diff --git a/.github/workflows/pr-validation.yml b/.github/workflows/pr-validation.yml
deleted file mode 100644
index 46eee49..0000000
--- a/.github/workflows/pr-validation.yml
+++ /dev/null
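Review bot: With `security` dropped from `needs:` and no replacement visible on the new side, ci.yml no longer runs any SAST step — the gosec run and the SARIF upload to code scanning are gone, so findings will silently stop appearing in the repository's Security tab. If scanning has moved to a separate workflow or to GitHub's default code-scanning setup, the commit message should say so; if not, keep a scan job (pinned to a release tag or commit SHA rather than a mutable branch ref) and restore `security-events: write` alongside it. The new `if: ${{ !failure() && !cancelled() }}` on `build` is what lets the job run when `integration-tests` is skipped on non-PR events, but it also lets `build` run if any other job in `needs` is ever skipped, so the intent deserves a comment such as `# run even when integration-tests is skipped on non-PR events; still blocked by failures`. The build job's steps continue outside the hunk.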
@@ -1,25 +0,0 @@
-name: PR Validation
-
-on:
- pull_request:
- branches: [main]
-
-permissions:
- contents: read
-
-jobs:
- validate:
- name: Validate PR
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout PR
- uses: actions/checkout@v6
-
- - name: PR validation
- run: |
- echo "✅ PR validated for merge to main"
- echo "PR #${{ github.event.pull_request.number }}: ${{ github.event.pull_request.title }}"
- echo "Files changed: ${{ github.event.pull_request.changed_files }}"
- echo "Additions: +${{ github.event.pull_request.additions }}"
- echo "Deletions: -${{ github.event.pull_request.deletions }}"