diff --git a/.github/workflows/ci-security.yml b/.github/workflows/ci-security.yml
index 7571f5c4c0..3ada9fae3f 100644
--- a/.github/workflows/ci-security.yml
+++ b/.github/workflows/ci-security.yml
@@ -82,6 +82,10 @@ jobs:
     - name: Build ReleaseNotes
       run: dotnet publish -c Release -p:TGS_HOST_NO_WEBPANEL=true -o release_notes_bins tools/Tgstation.Server.ReleaseNotes/Tgstation.Server.ReleaseNotes.csproj
 
+    - name: Read Current SHA # Can't rely on github.sha as it's for the base branch
+      id: get-pr-sha
+      run: echo "head_sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
+
     - name: Generate Temporary Branch to Reference Merge
       run: |
         git checkout -b ${{ github.event.pull_request.number }}-merge
@@ -103,7 +107,7 @@ jobs:
           }
 
     - name: Set CI Check Run (Pending)
-      run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --ci-check ${{ github.sha }} ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} Pending ${{ steps.dispatch.outputs.run-id }}
+      run: dotnet release_notes_bins/Tgstation.Server.ReleaseNotes.dll --ci-check ${{ steps.get-pr-sha.outputs.head_sha }} ${{ secrets.TGS_CI_GITHUB_APP_TOKEN_BASE64 }} Pending ${{ steps.dispatch.outputs.run-id }}
 
     - name: Delete Temporary Branch
       if: always()