diff --git a/scripts/security/gitea-authenticated-inventory-payload-validator.py b/scripts/security/gitea-authenticated-inventory-payload-validator.py
index c41bdc43..8f7528a2 100644
--- a/scripts/security/gitea-authenticated-inventory-payload-validator.py
+++ b/scripts/security/gitea-authenticated-inventory-payload-validator.py
@@ -48,6 +48,7 @@ SECRET_PATTERNS = {
     "token_assignment": re.compile(r"\btoken\s*[:=]\s*[^,\s]+", re.IGNORECASE),
 }
 SECRET_QUERY_KEYS = {"access_token", "auth", "key", "password", "secret", "token"}
+ROOT = Path(__file__).resolve().parents[2]
 
 
 def parse_args() -> argparse.Namespace:
@@ -57,7 +58,7 @@ def parse_args() -> argparse.Namespace:
     parser.add_argument(
         "--input",
         type=Path,
-        default=Path("docs/security/gitea-repo-inventory.snapshot.json"),
+        default=ROOT / "docs/security/gitea-repo-inventory.snapshot.json",
         help="Payload JSON to validate.",
     )
     parser.add_argument("--output", type=Path, help="Write validation JSON here.")