diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index b48a79a..5cf068a 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -7,6 +7,9 @@ on:
 
 permissions:
   contents: read
+  security-events: write
+  actions: read
+  pull-requests: write
 
 jobs:
   scan:
diff --git a/action.yml b/action.yml
index 2030718..bc5c803 100644
--- a/action.yml
+++ b/action.yml
@@ -119,7 +119,7 @@ runs:
         # Verify checksum
         echo "Verifying checksum..."
         cd "$TMP_DIR"
-        EXPECTED=$(grep "$ARCHIVE_NAME" "$CHECKSUMS_NAME" | awk '{print $1}')
+        EXPECTED=$(grep " ${ARCHIVE_NAME}$" "$CHECKSUMS_NAME" | awk '{print $1}')
         if command -v sha256sum > /dev/null 2>&1; then
           ACTUAL=$(sha256sum "$ARCHIVE_NAME" | awk '{print $1}')
         else