diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 781446dd..fd0c7a41 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -32,7 +32,7 @@ jobs:
 working-directory: backend
 run: |
 go install github.com/securego/gosec/v2/cmd/gosec@latest
- gosec -conf .gosec.yaml -severity high -confidence high ./...
+ gosec -conf .gosec.json -severity high -confidence high ./...
 
 frontend-security:
 runs-on: ubuntu-latest
diff --git a/backend/.gosec.json b/backend/.gosec.json
new file mode 100644
index 00000000..b34e140c
--- /dev/null
+++ b/backend/.gosec.json
@@ -0,0 +1,5 @@
+{
+ "global": {
+ "exclude": "G704"
+ }
+}
diff --git a/backend/.gosec.yaml b/backend/.gosec.yaml
deleted file mode 100644
index 8d27715a..00000000
--- a/backend/.gosec.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-global:
- # Exclude G704 (SSRF via taint analysis) - this is an API gateway platform
- # that by design proxies requests to configurable upstream services.
- # All upstream URLs are sourced from admin-configured settings or known
- # third-party API endpoints, not from end-user input.
- exclude:
- - G704
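Review bot: The step that the new `-conf .gosec.json` line depends on still installs the scanner with `go install github.com/securego/gosec/v2/cmd/gosec@latest`, so the ruleset (including the G704 taint analysis this config excludes) can change underneath the workflow on any run and a passing scan is not reproducible; pin it, `go install github.com/securego/gosec/v2/cmd/gosec@<pinned gosec version>`, and bump deliberately. Since the config path just changed, it is also worth confirming that gosec fails the step when the file is missing or unparsable rather than silently scanning with defaults. The `jobs:` block this step belongs to starts outside the hunk.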
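Review bot: The new config keeps the G704 exclusion but drops the only recorded reason for it — the deleted `.gosec.yaml` explained that SSRF findings are excluded because upstream URLs come from admin-configured settings rather than end-user input — and JSON gives nowhere to put that comment, so the next reviewer cannot tell whether the exclusion is still justified. Record the rationale beside the invocation in the workflow, e.g. `# G704 (SSRF) is excluded in backend/.gosec.json: upstream URLs are admin-configured, not user-supplied; re-evaluate if that changes`, or in the backend README. Consider also whether per-site `#nosec G704` annotations at the proxy call sites would be narrower than a global exclusion, so code that later builds a URL from request input is still flagged. The value is now the scalar `"G704"` where the YAML had a one-item list; presumably that matches the comma-separated form gosec expects, but checking a scan's output to confirm the exclusion is actually applied would be prudent.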