diff --git a/.github/codeql/config.yml b/.github/codeql/config.yml
deleted file mode 100644
index 1402d55d8b..0000000000
--- a/.github/codeql/config.yml
+++ /dev/null
@@ -1,4 +0,0 @@
-name: "OpenLayers CodeQL Config"
-
-paths:
-  - src
diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 5a724445b4..520e42e574 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -15,20 +15,13 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Checkout repository
-        uses: actions/checkout@v2
-        with:
-          # Must fetch at least the immediate parents so that if this is
-          # a pull request then we can checkout the head of the pull request.
-          # Only include this option if you are running this workflow on pull requests.
-          fetch-depth: 2
+      - uses: actions/checkout@v2
 
-      # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
         uses: github/codeql-action/init@v1
         with:
           languages: javascript
-          config-file: ./.github/codeql/config.yml
+          source-root: src
 
       - name: Perform CodeQL Analysis
         uses: github/codeql-action/analyze@v1