diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 11d5a2bbb7..1f58c7c550 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -156,13 +156,24 @@ jobs:
 uses: ./.github/actions/dev-env-setup
 - name: run app locally
 uses: ./.github/actions/local-app-run
- - name: ZAP Base Scan
+ - name: ZAP Frontend Scan
 uses: zaproxy/action-baseline@v0.6.1
 with:
 token: ${{ secrets.GITHUB_TOKEN }}
 docker_name: "owasp/zap2docker-stable"
 target: "http://localhost:3000/"
- rules_file_name: ".zap/rules.tsv"
+ rules_file_name: ".zap/rules-frontend.tsv"
 cmd_options: "-a -d -T 5 -m 2"
- issue_title: OWASP Baseline
+ issue_title: OWASP Baseline - Frontend
+ fail_action: false
+
+ - name: ZAP Backend Scan
+ uses: zaproxy/action-baseline@v0.6.1
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ docker_name: "owasp/zap2docker-stable"
+ target: "http://0.0.0.0:8000/"
+ rules_file_name: ".zap/rules-backend.tsv"
+ cmd_options: "-a -d -T 5 -m 2"
+ issue_title: OWASP Baseline - Backend
 fail_action: false
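Review bot: The new backend step targets `http://0.0.0.0:8000/`, which is a bind address rather than a destination, so whether the scanner can connect to it depends on the platform; the frontend step already uses `localhost`, and `target: "http://localhost:8000/"` would be the consistent spelling. The trailing `fail_action: false` now appears to belong to the backend step while the frontend step gets its own copy, so neither scan gates the build, and a backend scan that never reaches the service would presumably still leave the job green. It is worth confirming the service answers on port 8000 before this step runs and deciding whether at least one of the scans should fail the job. The added step also repeats the mutable references `zaproxy/action-baseline@v0.6.1` and `owasp/zap2docker-stable` while passing `secrets.GITHUB_TOKEN`; pinning the action as `uses: zaproxy/action-baseline@<full-commit-sha> # v0.6.1` and the image by digest would close that supply-chain gap in both steps. If the backend is a JSON API, the spider-driven baseline scan will likely see little beyond `/`, and `zaproxy/action-api-scan` with the service's API definition may give better coverage.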