diff --git a/pipelines/pull-requests/pipeline.yml b/pipelines/pull-requests/pipeline.yml
index 09fd58790..08084a505 100644
--- a/pipelines/pull-requests/pipeline.yml
+++ b/pipelines/pull-requests/pipeline.yml
@@ -636,6 +636,9 @@ jobs:
 tag: alpine
 inputs:
 - name: pinniped-modules
+ params:
+ SONATYPE_API_KEY: ((sonatype-api-key))
+ SONATYPE_USERNAME: ((sonatype-username))
 run:
 path: 'sh'
 args:
@@ -664,7 +667,10 @@ jobs:
 EOF
- nancy sleuth --exclude-vulnerability-file=exclusions.txt < pinniped-modules/modules.json
+ cat pinniped-modules/modules.json | nancy sleuth \
+ --exclude-vulnerability-file=exclusions.txt \
+ --token ${SONATYPE_API_KEY} \
+ --username ${SONATYPE_USERNAME}
 - name: run-go-vuln-scan
 on_success: { <<: *pr-status-on-success, params: { <<: *pr-status-on-success-params, context: run-go-vuln-scan } }
diff --git a/pipelines/security-scan/pipeline.yml b/pipelines/security-scan/pipeline.yml
index 146a157ac..6facb0201 100644
--- a/pipelines/security-scan/pipeline.yml
+++ b/pipelines/security-scan/pipeline.yml
@@ -173,6 +173,9 @@ jobs:
 tag: alpine
 inputs:
 - name: pinniped-modules
+ params:
+ SONATYPE_API_KEY: ((sonatype-api-key))
+ SONATYPE_USERNAME: ((sonatype-username))
 run:
 path: 'sh'
 args:
@@ -195,7 +198,10 @@ jobs:
 CVE-2020-8561
 EOF
- nancy sleuth --exclude-vulnerability-file=exclusions.txt < pinniped-modules/modules.json
+ cat pinniped-modules/modules.json | nancy sleuth \
+ --exclude-vulnerability-file=exclusions.txt \
+ --token ${SONATYPE_API_KEY} \
+ --username ${SONATYPE_USERNAME}
 - name: trivy-release
 public: true # all logs are publicly visible
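Review bot: There is no comment on the new `params` block in pipelines/pull-requests/pipeline.yml explaining that `SONATYPE_API_KEY` and `SONATYPE_USERNAME` are live credentials exposed to a task of the pull-request pipeline. The visible task reads the `pinniped-modules` input and runs an inline `sh` script, so a pull request presumably cannot change the commands that see the credentials, but that property is easy to lose in a later edit. I would add a comment above `params:` such as `# Sonatype credentials from the credential manager: keep this script inline, and never execute anything from PR-derived inputs in this task.` The same params are added without comment in pipelines/security-scan/pipeline.yml. The task definition starts and ends outside the hunk.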
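Review bot: `--token ${SONATYPE_API_KEY}` and `--username ${SONATYPE_USERNAME}` are expanded unquoted, so an unset or empty variable makes `--token` take `--username` as its value, and a value containing whitespace or glob characters is split; the identical lines in pipelines/security-scan/pipeline.yml have the same problem. Quote both, `--token "${SONATYPE_API_KEY}" \` and `--username "${SONATYPE_USERNAME}"`, and fail early with `: "${SONATYPE_API_KEY:?}" "${SONATYPE_USERNAME:?}"` before the call. Passing the token as an argument also puts it in the process's command line for the duration of the scan; if the nancy version in the image can read credentials from its config file or the environment, that keeps it out of argv. The script starts outside the hunk.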
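Review bot: The context at the end of this hunk shows the next job, `trivy-release`, marked `public: true # all logs are publicly visible`; if the job running nancy is public as well (its own `public` key is outside the hunk), anything the script prints is world-readable. With the token now expanded on the command line, shell tracing (`set -x`) or an error message that echoes the arguments would put the key into those logs unless the deployment redacts credential-manager values. I would add a comment before the call, `# do not enable set -x here: the command line carries SONATYPE_API_KEY`, and confirm log redaction is on for this pipeline.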