diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 34bb4205135..daf22ddae99 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -634,10 +634,11 @@ ecr-scan-review-app:
 ecr-scan-ci:
   extends: .container_scan_template
   rules:
-    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
-    - if: $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
-    - if: $CI_PIPELINE_SOURCE != "merge_request_event"
-      when: never
+    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_PIPELINE_SOURCE == "merge_request_event" || $CI_PIPELINE_SOURCE == "external_pull_request_event" || $CI_PIPELINE_SOURCE == "web"'
+      changes:
+        compare_to: 'refs/heads/main'
+        paths:
+        - dockerfiles/idp_ci.Dockerfile
   needs:
     - job: build-ci-image
   stage: scan