diff --git a/templates/gitlab-ci-gitleaks.yml b/templates/gitlab-ci-gitleaks.yml
index 0e93820cd5d1664cd5ba9a0bc90c1d023ab587cb..1e8b34b3af698c0f44a67fe9f020e06147da4b67 100644
--- a/templates/gitlab-ci-gitleaks.yml
+++ b/templates/gitlab-ci-gitleaks.yml
@@ -28,8 +28,11 @@ spec:
 ---
 workflow:
   rules:
-    # prevent branch pipeline when an MR is open (prefer MR pipeline)
-    - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS'
+    # prevent MR pipeline originating from production or integration branch(es)
+    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ $PROD_REF || $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ $INTEG_REF'
+      when: never
+    # on non-prod, non-integration branches: prefer MR pipeline over branch pipeline
+    - if: '$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_COMMIT_REF_NAME !~ $PROD_REF && $CI_COMMIT_REF_NAME !~ $INTEG_REF'
       when: never
     - if: '$CI_COMMIT_MESSAGE =~ "/\[(ci skip|skip ci) on ([^],]*,)*tag(,[^],]*)*\]/" && $CI_COMMIT_TAG'
       when: never