diff --git a/.github/workflows/update-insecure-dependencies.yaml b/.github/workflows/update-insecure-dependencies.yaml index d680069889e8..3c24da798302 100644 --- a/.github/workflows/update-insecure-dependencies.yaml +++ b/.github/workflows/update-insecure-dependencies.yaml @@ -17,6 +17,9 @@ jobs: env: GITHUB_TOKEN: ${{ github.token }} update-insecure-dependencies: + env: + OSV_SCANNER_ADDITIONAL_OPTS: "" + timeout-minutes: 20 needs: - build-matrix strategy: @@ -43,7 +46,7 @@ jobs: - name: "Prepare commit body - before" id: prepare_commit_body_before run: | - SCAN_OUTPUT_BEFORE=$(osv-scanner --lockfile=go.mod | tr "+" "|" | awk 'NR>3 {print last} {last=$0}' || true) + SCAN_OUTPUT_BEFORE=$(osv-scanner $OSV_SCANNER_ADDITIONAL_OPTS --lockfile=go.mod | tr "+" "|" | awk 'NR>3 {print last} {last=$0}' || true) echo "SCAN_OUTPUT_BEFORE<> $GITHUB_ENV echo "$SCAN_OUTPUT_BEFORE" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV @@ -54,7 +57,7 @@ jobs: - name: "Prepare commit body - after" id: prepare_commit_body_after run: | - SCAN_OUTPUT_AFTER=$(osv-scanner --lockfile=go.mod | tr "+" "|" | awk 'NR>3 {print last} {last=$0}' || true) + SCAN_OUTPUT_AFTER=$(osv-scanner $OSV_SCANNER_ADDITIONAL_OPTS --lockfile=go.mod | tr "+" "|" | awk 'NR>3 {print last} {last=$0}' || true) echo "SCAN_OUTPUT_AFTER<> $GITHUB_ENV echo "$SCAN_OUTPUT_AFTER" >> $GITHUB_ENV echo "EOF" >> $GITHUB_ENV diff --git a/tools/ci/update-vulnerable-dependencies/update-vulnerable-dependencies.sh b/tools/ci/update-vulnerable-dependencies/update-vulnerable-dependencies.sh index 2f11c5368dc9..fd02f9442f50 100755 --- a/tools/ci/update-vulnerable-dependencies/update-vulnerable-dependencies.sh +++ b/tools/ci/update-vulnerable-dependencies/update-vulnerable-dependencies.sh 
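Review bot: The new job-level `OSV_SCANNER_ADDITIONAL_OPTS: ""` carries no comment, although its value is spliced onto the osv-scanner command line in both "Prepare commit body" steps and so can change what the job reports as vulnerable. I would add a comment above it along the lines of `# Extra osv-scanner flags, space-separated; empty = default scan. Flags set here can narrow what the scan reports, so review changes to this value.` The rest of the job lies outside the hunk, so which other steps read the variable is not visible here.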
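Review bot: `$OSV_SCANNER_ADDITIONAL_OPTS` is expanded unquoted in the "Prepare commit body - before" step (and identically in the "after" step), so the value goes through pathname expansion as well as word splitting, while the shell script changed in the same commit passes it quoted; the two call sites will treat the same value differently. Splitting it once into an array keeps multi-flag values working without globbing: `read -r -a osv_opts <<< "${OSV_SCANNER_ADDITIONAL_OPTS:-}"` followed by `osv-scanner "${osv_opts[@]}" --lockfile=go.mod`. Separately, the pipe into `awk` plus the trailing `|| true` presumably hide a non-zero exit from osv-scanner, so a rejected flag would produce an empty table in the commit body that reads like a clean scan; that case deserves an explicit check now that arbitrary options can be passed in.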
@@ -8,7 +8,7 @@ command -v jq >/dev/null 2>&1 || { echo >&2 "jq not installed!"; exit 1; } SCRIPT_PATH="${BASH_SOURCE[0]:-$0}"; SCRIPT_DIR="$(dirname -- "$SCRIPT_PATH")" -for dep in $(osv-scanner --lockfile=go.mod --json | jq -c '.results[].packages[] | .package.name as $vulnerablePackage | { +for dep in $(osv-scanner "$OSV_SCANNER_ADDITIONAL_OPTS" --lockfile=go.mod --json | jq -c '.results[].packages[] | .package.name as $vulnerablePackage | { name: $vulnerablePackage, current: .package.version, fixedVersions: [.vulnerabilities[].affected[] | select(.package.name == $vulnerablePackage) | .ranges[].events |
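Review bot: Quoting `"$OSV_SCANNER_ADDITIONAL_OPTS"` on the new `for dep in $(osv-scanner …` line always passes exactly one argument: with the workflow default of `""` osv-scanner receives an empty positional argument, and a value holding several flags arrives as a single word. How osv-scanner handles an empty argument is not shown here, but if it rejects it, jq presumably gets no JSON and the loop updates nothing without an obvious failure. I would put `read -r -a osv_opts <<< "${OSV_SCANNER_ADDITIONAL_OPTS:-}"` before the loop and call `osv-scanner "${osv_opts[@]}" --lockfile=go.mod --json` inside it, which also covers running the script locally with the variable unset. The loop body and the remainder of the jq filter are outside the hunk.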