diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 2f2d609..2131f3f 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -13,12 +13,15 @@ name: "CodeQL"
 
 on:
   push:
-    branches: [ master, dev ]
+    branches: [ master ]
   pull_request:
     # The branches below must be a subset of the branches above
     branches: [ master ]
   schedule:
-    - cron: '36 3 * * 4'
+    - cron: '27 6 * * 4'
+
+# Declare default permissions as read only.
+permissions: read-all
 
 jobs:
   analyze:
@@ -32,7 +35,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        language: [ 'cpp' ]
+        language: [ 'cpp', 'python' ]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Learn more about CodeQL language support at https://git.io/codeql-language-support
 
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 0ccc6ea..fe4a6e7 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -3,7 +3,7 @@ on:
   # Only the default branch is supported.
   branch_protection_rule:
   schedule:
-    - cron: '41 1 * * 5'
+    - cron: '23 17 * * 1'
   push:
     branches: [ master ]