diff --git a/.github/workflows/android-app.yml b/.github/workflows/android-app.yml
index ab6fff9..3346c98 100644
--- a/.github/workflows/android-app.yml
+++ b/.github/workflows/android-app.yml
@@ -5,12 +5,18 @@ on:
     branches: [ main, develop ]
     paths:
       - 'apps/android/**'
-      - 'shared/**'
+      - 'build.gradle.kts'
+      - 'settings.gradle.kts'
+      - 'gradlew'
+      - 'gradle/**'
   pull_request:
     branches: [ main ]
     paths:
       - 'apps/android/**'
-      - 'shared/**'
+      - 'build.gradle.kts'
+      - 'settings.gradle.kts'
+      - 'gradlew'
+      - 'gradle/**'
 
 env:
   GRADLE_OPTS: "-Dorg.gradle.jvmargs=-Xmx2048m -Dorg.gradle.daemon=false"
diff --git a/.github/workflows/performance-test.yml b/.github/workflows/performance-test.yml
index af5fe43..bd29b35 100644
--- a/.github/workflows/performance-test.yml
+++ b/.github/workflows/performance-test.yml
@@ -95,6 +95,7 @@ jobs:
           
       - name: Build backup service
         run: |
+          chmod +x gradlew
           cd services/backup-engine
           if [ -f "build.gradle.kts" ]; then
             ../../gradlew build
diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 6e1103b..9366720 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -10,6 +10,10 @@ on:
     - cron: '0 2 * * *'
   workflow_dispatch:
 
+permissions:
+  contents: read
+  security-events: write
+
 jobs:
   dependency-scan:
     runs-on: ubuntu-latest
@@ -92,13 +96,12 @@ jobs:
         with:
           config: >
             p/security-audit
-            p/owasp-top-10
             p/kotlin
             p/java
             p/typescript
             p/python
+            p/javascript
             p/rust
-            p/cpp
           generateSarif: "1"
           
       - name: Upload SARIF file