diff --git a/main.tf b/main.tf
index ad89268..71a4bdb 100644
--- a/main.tf
+++ b/main.tf
@@ -237,7 +237,10 @@ EOT
 }
 
 resource "github_repository_file" "sansec_ecomscan_workflow" {
-  for_each            = var.repositories
+  for_each = {
+    for k, v in var.repositories : k => v
+    if !github_repository.repositories[k].archived
+  }
   repository          = github_repository.repositories[each.key].name
   branch              = github_repository.repositories[each.key].default_branch
   file                = ".github/workflows/sansec-ecomscan.yml"
@@ -274,10 +277,10 @@ jobs:
         env:
           ECOMSCAN_KEY: $${{ secrets.SANSEC_LICENSE_KEY }}
         run: |
-          output=$$(./ecomscan --no-auto-update --skip-database --deep --format=csv .)
-          if [ -n "$$output" ]; then
+          output=$(./ecomscan --no-auto-update --skip-database --deep --format=csv .)
+          if [ -n "$output" ]; then
             echo "Security issues found:"
-            echo "$$output"
+            echo "$output"
             exit 1
           fi
 EOT