diff --git a/.github/workflows/post-merge-scorecard.yml b/.github/workflows/post-merge-scorecard.yml
new file mode 100644
index 0000000..b21981e
--- /dev/null
+++ b/.github/workflows/post-merge-scorecard.yml
@@ -0,0 +1,24 @@
+---
+# SPDX-FileCopyrightText: (C) 2025 Intel Corporation
+# SPDX-License-Identifier: Apache-2.0
+
+name: Post-Merge Scorecard CI
+
+on:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+
+permissions:
+ contents: read
+ security-events: write
+ id-token: write
+
+jobs:
+ call-scorecard:
+ uses: open-edge-platform/orch-ci/.github/workflows/post-merge-scorecard.yml@main
+ with:
+ project_folder: "."
+ secrets:
+ SYS_ORCH_GITHUB: ${{ secrets.SYS_ORCH_GITHUB }}
diff --git a/.github/workflows/post-merge.yml b/.github/workflows/post-merge.yml
index 8501e25..3ff1d1b 100644
--- a/.github/workflows/post-merge.yml
+++ b/.github/workflows/post-merge.yml
@@ -26,7 +26,7 @@ jobs:
 persist-credentials: false
 - name: "Discover Changed Files"
 id: discover-changed-files
- uses: open-edge-platform/orch-ci/discover-changed-files@c4b86434962d13f65fd7b16a33e9eecfd5849a64 # 0.1.56
+ uses: open-edge-platform/orch-ci/discover-changed-files@da08a06e8aec70621e50ed4aec2fac5599839f45 # v0.1.62
 with:
 project_folder: "."
 - name: "Filter Out Unwanted Changed Files"
@@ -60,7 +60,7 @@ jobs:
 statuses: read
 needs: pre-checks
 if: ${{ needs.pre-checks.outputs.filtered_files != '[]' && needs.pre-checks.outputs.filtered_files != '[""]' }}
- uses: open-edge-platform/orch-ci/.github/workflows/post-merge.yml@c4b86434962d13f65fd7b16a33e9eecfd5849a64 # 0.1.56
+ uses: open-edge-platform/orch-ci/.github/workflows/post-merge.yml@da08a06e8aec70621e50ed4aec2fac5599839f45 # v0.1.62
 with:
 run_version_check: true
 run_version_tag: true
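Review bot: In the new post-merge-scorecard.yml, `call-scorecard` references the reusable workflow at `@main`, a mutable branch ref, while the job is handed `secrets.SYS_ORCH_GITHUB` and the workflow grants `id-token: write` and `security-events: write`; whatever lands on that branch later runs with this secret and these token scopes without any change being reviewed in this repository. post-merge.yml in the same commit pins orch-ci by full commit SHA with a version comment, and the same form fits here: `uses: open-edge-platform/orch-ci/.github/workflows/post-merge-scorecard.yml@<full-commit-sha> # <release-tag>` (placeholders; take the SHA of a release that actually contains this workflow). The two write scopes are also declared at workflow level, so moving them under `jobs.call-scorecard.permissions` and leaving only `contents: read` at the top would keep the default token read-only for any job added later, which as far as I know is also the layout Scorecard's Token-Permissions check favours.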
@@ -80,8 +80,6 @@ jobs:
 run_version_dev: false
 secrets:
 SYS_ORCH_GITHUB: ${{ secrets.SYS_ORCH_GITHUB }}
- COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }}
- COSIGN_PRIVATE_KEY: ${{ secrets.COSIGN_PRIVATE_KEY }}
 NO_AUTH_ECR_PUSH_USERNAME: ${{ secrets.NO_AUTH_ECR_PUSH_USERNAME }}
 NO_AUTH_ECR_PUSH_PASSWD: ${{ secrets.NO_AUTH_ECR_PUSH_PASSWD }}
 MSTEAMS_WEBHOOK: ${{ secrets.TEAMS_WEBHOOK }}