diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1e3186bf5158b5bd0a4e78dec9327a8679f3b3d1..90143be0b89666469813e247b1cc774af9ae89c0 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -11,7 +11,7 @@ unit-tests:
 vulnerability-scan:
   stage: "test"
   script:
-    - "ci-tools/vulnerability-scan security-report.txt"
+    - "ci-tools/vulnerability-scan security-report.json"
   artifacts:
     paths:
       - "security-report.txt"
diff --git a/ci-tools/vulnerability-scan b/ci-tools/vulnerability-scan
index 0a3a7762c7e86eae1259469d4da4ee81646bd748..48bf51e071a398f37565717a22b2066d3f905fbe 100755
--- a/ci-tools/vulnerability-scan
+++ b/ci-tools/vulnerability-scan
@@ -42,7 +42,7 @@ fi
 # (non-whitelisted errors).  3 indicates unexpected error so we let that
 # propagate.
 set +e
-nix-shell -p vulnix --run 'vulnix ./scan-target/' | tee "$OUTPUT"
+nix-shell -p vulnix --run 'vulnix --json ./scan-target/' | tee "$OUTPUT"
 vulnix_status=$?
 set -e