diff --git a/.github/workflows/artifacts.yaml b/.github/workflows/artifacts.yaml
index 2ed3587b..372c812c 100644
--- a/.github/workflows/artifacts.yaml
+++ b/.github/workflows/artifacts.yaml
@@ -143,7 +143,7 @@ jobs:
         run: echo "value=${{ steps.image-name.outputs.value }}@${{ steps.build.outputs.digest }}" >> "$GITHUB_OUTPUT"
 
       - name: Fetch image
-        run: skopeo --insecure-policy copy docker://${{ steps.image-ref.outputs.value }} docker-archive:image.tar
+        run: skopeo --insecure-policy copy docker://${{ steps.image-ref.outputs.value }} docker-archive:docker-image.tar
 
       # Uncomment the following lines for debugging:
       # - name: Upload image as artifact
@@ -155,13 +155,16 @@ jobs:
       - name: Extract tarball
         run: |
           mkdir -p image
-          tar -xf image.tar -C image
+          tar -xf docker-image.tar -C docker-image
 
       - name: Debug - list extracted files
         run: |
           ls -la image/
           find image -type f | head -20
 
+          ls -la docker-image/
+          find docker-image -type f | head -20
+
       # - name: List tags
       #   run: skopeo --insecure-policy list-tags oci:image
       #
@@ -211,7 +214,7 @@ jobs:
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@c1824fd6edce30d7ab345a9989de00bbd46ef284 # 0.34.0
         with:
-          input: image
+          input: docker-image
           format: sarif
           output: trivy-results.sarif
           scan-type: "fs"