diff --git a/.github/workflows/sast.yml b/.github/workflows/sast.yml
index b616e38..0772098 100644
--- a/.github/workflows/sast.yml
+++ b/.github/workflows/sast.yml
@@ -21,19 +21,19 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 10
     steps:
-    - uses: actions/checkout@v3
-    - name: Test
-      run: |
-        echo UID=$(id -u) >> .env
-        docker run --rm --user=$(id -u) \
-          -v "${PWD}:/code" \
-          -w /code \
-          -e MAVEN_OPTS=" -ntp " \
-          -e RUN_OWASP_DEPENDENCY_CHECK=false \
-          -e RUN_SPOTBUGS_CHECK=false \
-          -e RUN_SPOTLESS_CHECK=false \
-          -e RUN_SPOTLESS_APPLY=true \
-          -e HOME=/tmp \
-          -e USER=nobody \
-          -e BANDIT_CONFIG_FILE=/code/.bandit.yaml \
-          ghcr.io/par-tec/super-sast:latest
+      - uses: actions/checkout@v3
+      - name: Test
+        run: |
+          echo UID="$(id -u)" >> .env
+          docker run --rm --user="$(id -u)" \
+            -v "${PWD}:/code" \
+            -w /code \
+            -e MAVEN_OPTS=" -ntp " \
+            -e RUN_OWASP_DEPENDENCY_CHECK=false \
+            -e RUN_SPOTBUGS_CHECK=false \
+            -e RUN_SPOTLESS_CHECK=false \
+            -e RUN_SPOTLESS_APPLY=true \
+            -e HOME=/tmp \
+            -e USER=nobody \
+            -e BANDIT_CONFIG_FILE=/code/.bandit.yaml \
+            ghcr.io/par-tec/super-sast:latest