diff --git a/.tekton/assisted-service-saas-hotfix-pull-request.yaml b/.tekton/assisted-service-saas-hotfix-pull-request.yaml
index 76701699c7f3..8ff887c9e568 100644
--- a/.tekton/assisted-service-saas-hotfix-pull-request.yaml
+++ b/.tekton/assisted-service-saas-hotfix-pull-request.yaml
@@ -347,9 +347,9 @@ spec:
     - name: sast-snyk-check
       params:
       - name: ARGS
-        value: "--project-name=assisted-service --report --org=3e6fd93b-b325-49dd-8a33-432a0160ab66"
+        value: --project-name=assisted-service --report --org=3e6fd93b-b325-49dd-8a33-432a0160ab66
       - name: IGNORE_FILE_PATHS
-        value: "tools/wait_for_assisted_service.py,tools/deploy_wiremock.py"
+        value: tools/wait_for_assisted_service.py,tools/deploy_wiremock.py
       runAfter:
       - clone-repository
       taskRef:
@@ -526,7 +526,6 @@ spec:
       runAfter:
       - build-container
       taskRef:
-        resolver: bundles
         params:
         - name: name
           value: rpms-signature-scan
@@ -534,11 +533,13 @@ spec:
           value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:998b5466417c324aea94d3e8b302c558aeb13f746976d89a4ff85f1b84a42c2b
         - name: kind
           value: task
+        resolver: bundles
     workspaces:
     - name: workspace
     - name: git-auth
       optional: true
-  taskRunTemplate: {}
+  taskRunTemplate:
+    serviceAccountName: build-pipeline-assisted-service-saas-hotfix
   workspaces:
   - name: workspace
     volumeClaimTemplate:
@@ -554,4 +555,4 @@ spec:
   - name: git-auth
     secret:
       secretName: '{{ git_auth_secret }}'
-status: {}
\ No newline at end of file
+status: {}
diff --git a/.tekton/assisted-service-saas-hotfix-push.yaml b/.tekton/assisted-service-saas-hotfix-push.yaml
index 8fbb09be073f..5746f2092dbc 100644
--- a/.tekton/assisted-service-saas-hotfix-push.yaml
+++ b/.tekton/assisted-service-saas-hotfix-push.yaml
@@ -344,9 +344,9 @@ spec:
     - name: sast-snyk-check
       params:
       - name: ARGS
-        value: "--project-name=assisted-service --report --org=3e6fd93b-b325-49dd-8a33-432a0160ab66"
+        value: --project-name=assisted-service --report --org=3e6fd93b-b325-49dd-8a33-432a0160ab66
       - name: IGNORE_FILE_PATHS
-        value: "tools/wait_for_assisted_service.py,tools/deploy_wiremock.py"
+        value: tools/wait_for_assisted_service.py,tools/deploy_wiremock.py
       runAfter:
       - clone-repository
       taskRef:
@@ -523,7 +523,6 @@ spec:
       runAfter:
       - build-container
       taskRef:
-        resolver: bundles
         params:
         - name: name
           value: rpms-signature-scan
@@ -531,11 +530,13 @@ spec:
           value: quay.io/konflux-ci/tekton-catalog/task-rpms-signature-scan:0.2@sha256:998b5466417c324aea94d3e8b302c558aeb13f746976d89a4ff85f1b84a42c2b
         - name: kind
           value: task
+        resolver: bundles
     workspaces:
     - name: workspace
     - name: git-auth
       optional: true
-  taskRunTemplate: {}
+  taskRunTemplate:
+    serviceAccountName: build-pipeline-assisted-service-saas-hotfix
   workspaces:
   - name: workspace
     volumeClaimTemplate:
@@ -551,4 +552,4 @@ spec:
   - name: git-auth
     secret:
       secretName: '{{ git_auth_secret }}'
-status: {}
\ No newline at end of file
+status: {}