diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 8469e4296c8f826b741dcc9e77d7786df4ab338e..76f007235baa222f3a04b507580d5b05d4f8bd1f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -116,6 +116,14 @@ container_scanning:
     CS_SCHEMA_MODEL: 15
     # Used for remediation
     GIT_STRATEGY: fetch
+  # FIXME: because we are using rules with the include, but override here, we also have to have the same rules here
+  rules:
+    - changes:
+        - Dockerfile
+        - .gitlab-ci.yml
+        - src/gitlab-tofu.sh
+    - if: $CI_COMMIT_TAG
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
 
 gitlab-opentofu-image:deploy:with-opentofu-version:
   extends: .opentofu-versions