diff --git a/.github/workflows/ci-pr.yml b/.github/workflows/ci-pr.yml
index 85d6f877..649f19e5 100644
--- a/.github/workflows/ci-pr.yml
+++ b/.github/workflows/ci-pr.yml
@@ -105,14 +105,9 @@ jobs:
 -PspringBootVersion="$BOOT_VERSION" \
 -PsampleTests \
 :runAllSampleTests
- scan:
- needs: [prerequisites]
- if: needs.prerequisites.outputs.runjobs
- uses: ./.github/workflows/trivy-scan.yml
-
 done:
 runs-on: ubuntu-latest
- needs: [ build_and_verify, check_samples, scan ]
+ needs: [ build_and_verify, check_samples ]
 steps:
 - name: 'Done'
 shell: bash
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7a4f8633..f57becc8 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -11,6 +11,12 @@ on:
 schedule:
 - cron: '0 11 * * *' # Once per day at 11am UTC
 workflow_dispatch:
+ inputs:
+ run-trivy-scan:
+ description: 'Whether to run Trivy scan'
+ default: false
+ required: false
+ type: boolean
 env:
 GCHAT_WEBHOOK_URL: ${{ secrets.SPRING_RELEASE_GCHAT_WEBHOOK_URL }}
@@ -93,7 +99,7 @@ jobs:
 :runAllSampleTests
 scan:
 needs: [prerequisites]
- if: needs.prerequisites.outputs.runjobs
+ if: ${{ needs.prerequisites.outputs.runjobs && inputs.run-trivy-scan }}
 uses: ./.github/workflows/trivy-scan.yml
 deploy_artifacts:
 name: Deploy Artifacts
diff --git a/.github/workflows/trivy-scan.yml b/.github/workflows/trivy-scan.yml
index 7981d2c2..ac1bc68b 100644
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@@ -25,6 +25,8 @@ on:
 default: false
 required: false
 type: boolean
+ schedule:
+ - cron: '0 14 * * */3' # Once every 3 day at 2pm UTC
 jobs:
 run_trivy_scan:
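Review bot: With `scan` dropped from the `needs` of `done` in ci-pr.yml, no pull request is checked by Trivy before merge; as far as this diff shows, the only automatic run left is the cron added to trivy-scan.yml, so a vulnerable dependency introduced by a PR can sit on the default branch until the next scheduled scan. If that trade-off is intended, record it next to the gate, e.g. `# Trivy is not part of the PR gate; it runs on the schedule in trivy-scan.yml`, and confirm that scheduled findings are reported to someone, since the reporting path is not visible here. The steps of `done` continue outside the hunk.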
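Review bot: In the `scan` job of ci.yml (hunk at -93,7), `inputs.run-trivy-scan` is only populated on `workflow_dispatch` runs, so on the daily `schedule` and on any other trigger of this workflow the new condition is always false and the job is skipped. A later job that lists `scan` in its `needs` would then be skipped as well unless it carries a status-check condition such as `!cancelled()`; the `needs` of `deploy_artifacts` lies outside the hunk and should be checked. If skipping on non-manual runs is intended, say so above the condition: `# Trivy runs here only on manual dispatch with run-trivy-scan checked`.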
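Review bot: The cron added to trivy-scan.yml, `0 14 * * */3`, puts the step in the day-of-week field, so it fires on Sunday, Wednesday and Saturday rather than every third day as the comment says. Either correct the comment (`# Sun, Wed and Sat at 2pm UTC`) or move the step to the day-of-month field, `- cron: '0 14 */3 * *'`, which restarts at each month boundary. Scheduled runs also receive no `inputs`, so the defaults declared just above are not applied; any expression in the jobs that reads `inputs.*` should be checked for an empty value (the jobs lie outside the hunk).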