diff --git a/lib/add.js b/lib/add.js
index 1af7f54..ca4167a 100644
--- a/lib/add.js
+++ b/lib/add.js
@@ -133,7 +133,7 @@ module.exports = class CapOperatorAddPlugin extends cds.add.Plugin {
             const xsuaaaYaml = yaml.parse(Mustache.render( await read(join(__dirname, '../files/xsuaa.yaml.hbs')), project))
             await cds.add.merge(xsuaaaYaml).into(valuesYaml)
 
-            await merge(__dirname, '../files/xs-security.json.hbs').into('xs-security.json', {
+            await cds.add.merge(__dirname, '../files/xs-security.json.hbs').into('xs-security.json', {
                 project,
                 additions: [{ in: 'scopes', where: { name: '$XSAPPNAME.Callback' }}]
               })
diff --git a/test/add.test.js b/test/add.test.js
index c2ad8d4..375dd12 100644
--- a/test/add.test.js
+++ b/test/add.test.js
@@ -35,6 +35,9 @@ describe('cds add cap-operator', () => {
         expect(getFileHash(join(__dirname,'files/expectedChart/Chart.yaml'))).to.equal(getFileHash(join(bookshop, 'chart/Chart.yaml')))
         expect(getFileHash(join(__dirname,'files/expectedChart/values.schema.json'))).to.equal(getFileHash(join(bookshop, 'chart/values.schema.json')))
         expect(getFileHash(join(__dirname,'files/expectedChart/values.yaml'))).to.equal(getFileHash(join(bookshop, 'chart/values.yaml')))
+
+        // Check changes to xs-security.json
+        expect(getFileHash(join(__dirname,'files/xs-security.json'))).to.equal(getFileHash(join(bookshop, 'xs-security.json')))
     })
 
     it('Add cap-operator chart with force', async () => {
diff --git a/test/files/xs-security.json b/test/files/xs-security.json
new file mode 100644
index 0000000..e9fdd16
--- /dev/null
+++ b/test/files/xs-security.json
@@ -0,0 +1,21 @@
+{
+  "scopes": [
+    {
+      "name": "$XSAPPNAME.mtcallback",
+      "description": "Subscription via SaaS Registry",
+      "grant-as-authority-to-apps": [
+        "$XSAPPNAME(application,sap-provisioning,tenant-onboarding)"
+      ]
+    },
+    {
+      "name": "$XSAPPNAME.Callback",
+      "description": "Subscription via SaaS Registry for CAP Operator",
+      "grant-as-authority-to-apps": [
+        "$XSAPPNAME(application,sap-provisioning,tenant-onboarding)"
+      ]
+    }
+  ],
+  "attributes": [],
+  "role-templates": [],
+  "authorities-inheritance": false
+}