diff --git a/.github/workflows/scorecards-analysis.yml b/.github/workflows/scorecards-analysis.yml
index 03682a7fa5a3c..5bdab6cb3476d 100644
--- a/.github/workflows/scorecards-analysis.yml
+++ b/.github/workflows/scorecards-analysis.yml
@@ -11,7 +11,7 @@ permissions: read-all
 jobs:
   vuln-scan:
     name: Vulnerability scanning
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-20.04
     if: ${{ github.repository == 'flutter/engine' }}
     steps:
       - name: "Checkout code"