diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index debd498..efb0bc4 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -13,7 +13,8 @@ jobs:
   analyse:
     name: Analyse
     runs-on: ubuntu-latest
-    if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
+    # dependeabot has on push events only read-only access, but codeql requires write access
+    if: ${{ !(github.actor == 'dependabot[bot]' && contains(fromJSON('["push"]'), github.event_name)) }}
     steps:
     - uses: actions/checkout@v4
       with:
@@ -30,4 +31,4 @@ jobs:
     - name: Build
       run: mvn -B compile
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
\ No newline at end of file
+      uses: github/codeql-action/analyze@v3