diff --git a/action.yaml b/action.yaml
index 1d16b26d..1a4cecc6 100644
--- a/action.yaml
+++ b/action.yaml
@@ -80,7 +80,7 @@ runs:
       shell: bash
       if: ${{ inputs.debug == 'true' }}
       run: |
-          echo "LW_LOG=debug" >> $GITHUB_ENV
+        echo "LW_LOG=debug" >> $GITHUB_ENV
     - if: steps.cache.outputs.cache-hit != 'true'
       shell: bash
       run: |
diff --git a/src/index.ts b/src/index.ts
index a7441dfb..0d95c54d 100644
--- a/src/index.ts
+++ b/src/index.ts
@@ -1,11 +1,12 @@
 import { error, getInput, info, setOutput, warning } from '@actions/core'
-import { existsSync, appendFileSync } from 'fs'
+import { appendFileSync, existsSync } from 'fs'
 import {
   downloadArtifact,
   postCommentIfInPr,
   resolveExistingCommentIfFound,
   uploadArtifact,
 } from './actions'
+import { downloadKeys, trustedKeys } from './keys'
 import { compareResults, createPRs, printResults } from './tool'
 import {
   autofix,
@@ -15,12 +16,10 @@ import {
   getActionRef,
   getMsSinceStart,
   getOptionalEnvVariable,
-  getOrDefault,
   getRequiredEnvVariable,
   getRunUrl,
   telemetryCollector,
 } from './util'
-import { downloadKeys, trustedKeys } from './keys'
 
 const scaSarifReport = 'scaReport/output.sarif'
 const scaReport = 'sca.sarif'
@@ -60,7 +59,6 @@ async function runAnalysis() {
     'ci',
     '--keyring',
     trustedKeys,
-    '--secret',
   ]
   if (indirectDeps.toLowerCase() === 'false') {
     args.push('--eval-direct-only')