diff --git a/.github/workflows/sonar-scan-pull-request.yml b/.github/workflows/sonar-scan-pull-request.yml
index 3034ab3530..7748aa4aea 100644
--- a/.github/workflows/sonar-scan-pull-request.yml
+++ b/.github/workflows/sonar-scan-pull-request.yml
@@ -7,16 +7,10 @@ on:
     types: [opened, synchronize, reopened, labeled]
 
 jobs:
-  authorize:
+  sonar:
     environment: 
       ${{ github.event_name == 'pull_request_target' && 
-      github.event.pull_request.head.repo.full_name != github.repository && 
-      'sonar' || 'internal' }}
-    runs-on: ubuntu-latest
-    steps:
-      - run: true
-      
-  sonar:
+      github.event.pull_request.head.repo.full_name != github.repository && 'sonar' || 'none' }}
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
@@ -24,6 +18,7 @@ jobs:
           # We need to fetch all branches and commits so that Nx affected has a base to compare
           # against.
           fetch-depth: 0
+          persist-credentials: false
           # By default, actions/checkout@v4 will checkout the main branch instead of the merge
           # commit when when using pull_request_target. It is currently difficult to checkout the
           # merge commit in this context. The current solution is to checkout the PR HEAD insteand