diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 830b2667..7c59b074 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -34,7 +34,7 @@ jobs:
         run: |
           go install github.com/securego/gosec/v2/cmd/gosec@latest
           # exclude ent/ — auto-generated ORM code, not subject to manual security review
-          gosec -conf .gosec.json -severity high -confidence high -exclude-dir=ent ./...
+          gosec -conf .gosec.json -severity high -confidence high -exclude-generated -exclude-dir=ent ./...
 
   frontend-security:
     runs-on: ubuntu-latest