diff --git a/.github/workflows/osv-scanner-scan.yml b/.github/workflows/osv-scanner-scan.yml
index 9fe3d159..bef43195 100644
--- a/.github/workflows/osv-scanner-scan.yml
+++ b/.github/workflows/osv-scanner-scan.yml
@@ -14,7 +14,8 @@ permissions: {}
 jobs:
 scan-scheduled:
 permissions:
+ actions: read
 contents: read # to fetch code (actions/checkout)
 security-events: write # for uploading SARIF files
 if: ${{ github.repository == 'metal3-io/ip-address-manager' && github.event_name == 'schedule' }}
- uses: "./.github/workflows/osv-scanner.yml"
+ uses: google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@4a318af4a84899723625da2927c30fcfb7247126 # v1.8.4
diff --git a/.github/workflows/osv-scanner.yml b/.github/workflows/osv-scanner.yml
deleted file mode 100644
index d81746e1..00000000
--- a/.github/workflows/osv-scanner.yml
+++ /dev/null
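Review bot: The new `uses:` line pins `google/osv-scanner-action` to `4a318af4a848…`, which is the same commit the removed in-repo workflow pinned for `google/osv-scanner/actions/scanner`; a commit normally lives in only one of two repositories, so please confirm this SHA actually resolves in `google/osv-scanner-action` and is the commit tagged v1.8.4 there, because the `# v1.8.4` trailer is the only thing a reader or Renovate/Dependabot has to go on when updating a SHA pin. With the reusable workflow now external, the job-level `permissions` block is the ceiling for the `GITHUB_TOKEN` the called workflow receives, so keeping it to these three read/write scopes is the right call, but the newly added `actions: read` is the only key without a rationale comment — match the two lines below it, e.g. `actions: read # needed by the reusable workflow's SARIF/code-scanning upload — confirm against upstream`. Each future bump of this SHA also pulls in whatever transitive `uses:` pins upstream changed inside the reusable workflow, so review those on every bump rather than relaxing to a moving tag.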
@@ -1,106 +0,0 @@ -# This file is adapted from https://github.com/google/osv-scanner - -name: OSV-Scanner - -permissions: {} - -on: - workflow_call: - inputs: - scan-args: - description: "Custom osv-scanner arguments (See https://google.github.io/osv-scanner/usage/ for options, you cannot set --format or --output)" - type: string - default: |- - -r - --skip-git - ./ - results-file-name: - description: "File name of the result SARIF file" - type: string - default: results.sarif - upload-sarif: - description: "Whether to upload to Security > Code Scanning" - type: boolean - required: false - default: true - fail-on-vuln: - description: "Whether to fail the action on vulnerability found" - type: boolean - default: true - -jobs: - scan-pr: - permissions: - contents: read # to fetch code (actions/checkout) - security-events: write # for uploading SARIF files - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - with: - fetch-depth: 0 - # Do persist credentials, as we need it for the git checkout later - - name: "Checkout target branch" - run: git checkout $GITHUB_BASE_REF - - name: "Calculate go version" - id: vars - run: echo "go_version=$(make go-version)" >> $GITHUB_OUTPUT - - name: Set up Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # tag=v5.0.2 - with: - go-version: ${{ steps.vars.outputs.go_version }} - - name: "Run scanner on existing code" - uses: google/osv-scanner/actions/scanner@4a318af4a84899723625da2927c30fcfb7247126 # v1.8.4 - continue-on-error: true - with: - scan-args: |- - --format=json - --output=old-results.json - ${{ inputs.scan-args }} - - name: "Checkout current branch" - run: git checkout $GITHUB_SHA - - name: "Run scanner on new code" - uses: google/osv-scanner/actions/scanner@4a318af4a84899723625da2927c30fcfb7247126 # v1.8.4 - with: - scan-args: |- - --format=json - --output=new-results.json - ${{ inputs.scan-args }} - continue-on-error: true - - name: "Run 
osv-scanner-reporter" - uses: google/osv-scanner/actions/reporter@4a318af4a84899723625da2927c30fcfb7247126 # v1.8.4 - with: - scan-args: |- - --output=${{ inputs.results-file-name }} - --old=old-results.json - --new=new-results.json - --gh-annotations=true - --fail-on-vuln=${{ inputs.fail-on-vuln }} - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: "Upload artifact" - if: "!cancelled()" - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 - with: - name: SARIF file - path: ${{ inputs.results-file-name }} - retention-days: 5 - - name: "Upload old scan json results" - if: "!cancelled()" - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 - with: - name: old-json-results - path: old-results.json - retention-days: 5 - - name: "Upload new scan json results" - if: "!cancelled()" - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 - with: - name: new-json-results - path: new-results.json - retention-days: 5 - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - if: ${{ !cancelled() && inputs.upload-sarif == true }} - uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 - with: - sarif_file: ${{ inputs.results-file-name }}