diff --git a/.github/workflows/on_prerelease.yml b/.github/workflows/on_prerelease.yaml
similarity index 100%
rename from .github/workflows/on_prerelease.yml
rename to .github/workflows/on_prerelease.yaml
diff --git a/.github/workflows/push_pr.yml b/.github/workflows/on_push_pr.yaml
similarity index 97%
rename from .github/workflows/push_pr.yml
rename to .github/workflows/on_push_pr.yaml
index 6b0089c..40c403e 100644
--- a/.github/workflows/push_pr.yml
+++ b/.github/workflows/on_push_pr.yaml
@@ -21,10 +21,6 @@ jobs:
 steps:
 - uses: actions/checkout@v4
 - uses: newrelic/newrelic-infra-checkers@v1
- - name: Semgrep
- uses: returntocorp/semgrep-action@v1
- with:
- auditOn: push
 - name: golangci-lint
 uses: golangci/golangci-lint-action@v3
 continue-on-error: ${{ github.event_name != 'pull_request' }}
diff --git a/.github/workflows/on_release.yml b/.github/workflows/on_release.yaml
similarity index 100%
rename from .github/workflows/on_release.yml
rename to .github/workflows/on_release.yaml
diff --git a/.github/workflows/repolinter.yml b/.github/workflows/repolinter.yml
index 8c14aba..8b84785 100644
--- a/.github/workflows/repolinter.yml
+++ b/.github/workflows/repolinter.yml
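Review bot: Dropping the Semgrep step leaves golangci-lint as the only static-analysis step on the new side of this hunk, and nothing in the workflow records where that SAST coverage moved. Presumably the reusable_security.yaml call introduced elsewhere in this commit is meant to absorb it, but the contents of that reusable workflow are not visible here, so this is worth confirming rather than assuming. A comment above the golangci-lint step such as `# Semgrep step removed: SAST coverage is expected from security.yaml (reusable_security.yaml@v2)` would make the intent explicit for the next reader. The enclosing job starts before this hunk.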
@@ -2,30 +2,10 @@
 # workflow_dispatch to work properly
 name: Repolinter Action
-# NOTE: This workflow will ONLY check the default branch!
-# Currently there is no elegant way to specify the default
-# branch in the event filtering, so branches are instead
-# filtered in the "Test Default Branch" step.
-on: [push, workflow_dispatch]
+on:
+ push:
+ workflow_dispatch:
 jobs:
- repolint:
- name: Run Repolinter
- runs-on: ubuntu-latest
- steps:
- - name: Test Default Branch
- id: default-branch
- uses: actions/github-script@v2
- with:
- script: |
- const data = await github.repos.get(context.repo)
- return data.data && data.data.default_branch === context.ref.split('/').slice(-1)[0]
- - name: Checkout Self
- if: ${{ steps.default-branch.outputs.result == 'true' }}
- uses: actions/checkout@v4
- - name: Run Repolinter
- if: ${{ steps.default-branch.outputs.result == 'true' }}
- uses: newrelic/repolinter-action@v1
- with:
- config_url: https://raw.githubusercontent.com/newrelic/.github/main/repolinter-rulesets/community-plus.yml
- output_type: issue
+ repolinter:
+ uses: newrelic/coreint-automation/.github/workflows/reusable_repolinter.yaml@v2
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
new file mode 100644
index 0000000..185f20e
--- /dev/null
+++ b/.github/workflows/security.yaml
@@ -0,0 +1,17 @@
+name: Security Scan
-
+on:
+ push:
+ branches:
+ - master
+ - main
+ - renovate/**
+ pull_request:
+ schedule:
+ - cron: "0 3 * * *"
-
+jobs:
+ security:
+ uses: newrelic/coreint-automation/.github/workflows/reusable_security.yaml@v2
+ with:
+ skip-dirs: "build"
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
deleted file mode 100644
index 5b1bf93..0000000
--- a/.github/workflows/security.yml
+++ /dev/null
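Review bot: The new `on: push:` trigger carries no branch filter, so this workflow now fires on every push to every branch, whereas the removed job explicitly limited itself to the default branch through the github-script check; whether reusable_repolinter.yaml@v2 applies an equivalent gate is not visible in this hunk. If the reusable workflow is expected to do that, keep a one-line comment where the removed NOTE block stood, e.g. `# Default-branch filtering is handled inside reusable_repolinter.yaml`; otherwise add a `branches: [<default-branch>]` filter under `push:` (placeholder — use the repository's actual default branch). The reusable workflow is also referenced by the moving tag `@v2`; pinning the reference to a full commit SHA with the tag in a trailing comment would make the dependency reproducible, and the same applies to the `reusable_security.yaml@v2` and `reusable_trigger_prerelease.yaml@v2` references elsewhere in this commit.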
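Review bot: The new security.yaml passes only `skip-dirs: "build"` to reusable_security.yaml@v2 and declares no `permissions:` block, while the inline workflow it replaces needed `security-events` write access to upload SARIF on the scheduled run and pinned `severity: 'HIGH,CRITICAL'`, `ignore-unfixed: true` and `exit-code: 1` for push and pull_request runs. A called reusable workflow runs with the caller's GITHUB_TOKEN permissions, so if the reusable workflow still uploads SARIF and this repository's default token is read-only, the upload step will fail; in that case add `permissions:` / `security-events: write` (plus `contents: read`) under the `security:` job — whether that is needed depends on reusable_security.yaml, which is not visible here. It is also worth confirming that the severity, ignore-unfixed and fail-on-findings behaviour carried over, or recording the intentional change in a comment at the top of the file, since the caller no longer documents any of it.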
@@ -1,47 +0,0 @@
-name: Security Scan
-
-on:
- push:
- branches:
- - master
- - main
- - renovate/**
- pull_request:
- schedule:
- - cron: "0 3 * * *"
-
-jobs:
- trivy:
- name: Trivy security scan
- runs-on: ubuntu-latest
- steps:
- name: Checkout code
- uses: actions/checkout@v4
-
- name: Run Trivy vulnerability scanner in repo mode
- uses: aquasecurity/trivy-action@0.13.1
- if: ${{ ! github.event.schedule }} # Do not run inline checks when running periodically
- with:
- scan-type: fs
- ignore-unfixed: true
- exit-code: 1
- severity: 'HIGH,CRITICAL'
- skip-dirs: 'build'
-
- name: Run Trivy vulnerability scanner sarif output
- uses: aquasecurity/trivy-action@0.13.1
- if: ${{ github.event.schedule }} # Generate sarif when running periodically
- with:
- scan-type: fs
- ignore-unfixed: true
- severity: 'HIGH,CRITICAL'
- format: 'template'
- template: '@/contrib/sarif.tpl'
- output: 'trivy-results.sarif'
- skip-dirs: 'build'
-
- name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
- if: ${{ github.event.schedule }} # Upload sarif when running periodically
- with:
- sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/trigger_prerelease.yml b/.github/workflows/trigger_prerelease.yaml
similarity index 87%
rename from .github/workflows/trigger_prerelease.yml
rename to .github/workflows/trigger_prerelease.yaml
index 0ce13b4..c7517d6 100644
--- a/.github/workflows/trigger_prerelease.yml
+++ b/.github/workflows/trigger_prerelease.yaml
@@ -11,7 +11,7 @@ on:
 jobs:
 prerelease:
- uses: newrelic/coreint-automation/.github/workflows/trigger_prerelease.yaml@v1
+ uses: newrelic/coreint-automation/.github/workflows/reusable_trigger_prerelease.yaml@v2
 secrets:
 bot_token: ${{ secrets.COREINT_BOT_TOKEN }}
 slack_channel: ${{ secrets.COREINT_SLACK_CHANNEL }}