diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index f2c6421ccd..b4cc14885e 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -11,6 +11,8 @@ on:
       - .github/codeql-config.yml
       - .github/codeql-custom.qls
       - .github/workflows/codeql-analysis.yml
+      - .github/workflows/requirements.txt
+      - .github/workflows/unit_tests.sh
   # It takes the workflow approximately 30 minutes to analyze the code base
   # so it doesn't seem to make much sense to trigger it on every PR or commit.
   # It runs daily at 01:00 to avoid colliding with the Coverity workflow.
diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
index 5d9e9da562..37594cb95e 100755
--- a/.github/workflows/unit_tests.sh
+++ b/.github/workflows/unit_tests.sh
@@ -17,6 +17,7 @@ ADDITIONAL_DEPS=(
     libqrencode-dev
     libssl-dev
     libtss2-dev
+    libxkbcommon-dev
     libzstd-dev
     perl
     python3-libevdev