diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index ff092aa..8b0bad8 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -98,23 +98,23 @@ jobs:
       - name: Download and extract Coverity distribution if cache-miss
         if: steps.cache-pull-coverity-distribution.outputs.cache-hit != 'true'
         run: |
-          wget --quiet https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=${{ vars.COVERITY_PROJECT_URL_NAME }}" -O ${{ env.COVERITY }}.tgz
-          mkdir -p ${{ env.COVERITY }}
-          tar zxf ${{ env.COVERITY }}.tgz -C ${{ env.COVERITY }} --strip-components 1
+          wget --quiet https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=${{ vars.COVERITY_PROJECT_URL_NAME }}" -O ${RUNNER_TEMP}/${{ env.COVERITY }}.tgz
+          mkdir -p ${RUNNER_TEMP}/${{ env.COVERITY }}
+          tar zxf ${RUNNER_TEMP}/${{ env.COVERITY }}.tgz -C ${RUNNER_TEMP}/${{ env.COVERITY }} --strip-components 1
 
       - name: Wait for Coverity analysis slot
         run: |
           while true; do
-            curl -X POST -d version=${{ env.RELEASE_VERSION }} -d description="automated upload" -d email=${{ secrets.COVERITY_EMAIL }} -d token=${{ secrets.COVERITY_TOKEN }} -d file_name="${{ vars.COVERITY_PROJECT_URL_NAME }}.tgz" https://scan.coverity.com/projects/${{ vars.COVERITY_PROJECT_URL_ID }}/builds/init -o response;
+            curl -X POST -d version=${{ env.RELEASE_VERSION }} -d description="automated upload" -d email=${{ secrets.COVERITY_EMAIL }} -d token=${{ secrets.COVERITY_TOKEN }} -d file_name="${{ vars.COVERITY_PROJECT_URL_NAME }}.tgz" https://scan.coverity.com/projects/${{ vars.COVERITY_PROJECT_URL_ID }}/builds/init -o ${RUNNER_TEMP}/response;
 
-            if grep -q 'build submission quota' response; then
-              cat response
+            if grep -q 'build submission quota' ${RUNNER_TEMP}/response; then
+              cat ${RUNNER_TEMP}/response
               echo 'Giving up, submission quota met'
               exit 1
             fi;
 
-            if grep -q 'already in the queue' response; then
-              cat response
+            if grep -q 'already in the queue' ${RUNNER_TEMP}/response; then
+              cat ${RUNNER_TEMP}/response
               echo 'Waiting for 15 seconds and retrying'
               sleep 15
             else
@@ -124,18 +124,18 @@ jobs:
 
       - name: Compile Coverity
         run: |
-           ${{ env.COVERITY }}/bin/cov-build --dir cov-int mvn -Pbuild-nogenerate -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= clean verify
-           tar czvf ${{ vars.COVERITY_PROJECT_URL_NAME }}.tgz cov-int
+           ${RUNNER_TEMP}/${{ env.COVERITY }}/bin/cov-build --dir cov-int mvn -Pbuild-nogenerate -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= clean verify
+           tar czvf ${RUNNER_TEMP}/${{ vars.COVERITY_PROJECT_URL_NAME }}.tgz cov-int
 
       - name: Prepare response url
-        run: printf "RESPONSE_URL=%q\n" "$(jq -r '.url' response)" >> $GITHUB_ENV
+        run: printf "RESPONSE_URL=%q\n" "$(jq -r '.url' ${RUNNER_TEMP}/response)" >> $GITHUB_ENV
 
       - name: Upload to Coverity
         run: |
-          curl -X PUT --header 'Content-Type: application/json' --upload-file ${{ vars.COVERITY_PROJECT_URL_NAME }}.tgz ${{ env.RESPONSE_URL }}
+          curl -X PUT --header 'Content-Type: application/json' --upload-file ${RUNNER_TEMP}/${{ vars.COVERITY_PROJECT_URL_NAME }}.tgz ${{ env.RESPONSE_URL }}
 
       - name: Prepare build id
-        run: printf "COVERITY_BUILD_ID=%q\n" "$(jq -r '.build_id' response)" >> $GITHUB_ENV
+        run: printf "COVERITY_BUILD_ID=%q\n" "$(jq -r '.build_id' ${RUNNER_TEMP}/response)" >> $GITHUB_ENV
 
       - name: Build Coverity Submit URL
         run: printf 'COVERITY_SUBMIT_URL=%q/%s/builds/%s/enqueue' "https://scan.coverity.com/projects" "${{ vars.COVERITY_PROJECT_URL_ID }}" "${{ env.COVERITY_BUILD_ID }}" >> $GITHUB_ENV