diff --git a/pkg/scorecard.go b/pkg/scorecard.go
index cf81c23d..21268101 100644
--- a/pkg/scorecard.go
+++ b/pkg/scorecard.go
@@ -81,30 +81,29 @@ func (r *RepoURL) Set(s string) error {
 
 func RunScorecards(ctx context.Context, logger *zap.SugaredLogger,
 	repo RepoURL, checksToRun []checker.NamedCheck) <-chan Result {
-	// Use our custom roundtripper
-	rt := roundtripper.NewTransport(ctx, logger)
-
-	client := &http.Client{
-		Transport: rt,
-	}
-	ghClient := github.NewClient(client)
-	graphClient := githubv4.NewClient(client)
-
-	c := checker.Checker{
-		Ctx:         ctx,
-		Client:      ghClient,
-		HttpClient:  client,
-		Owner:       repo.Owner,
-		Repo:        repo.Repo,
-		GraphClient: graphClient,
-	}
-
 	resultsCh := make(chan Result)
 	wg := sync.WaitGroup{}
 	for _, check := range checksToRun {
 		check := check
 		wg.Add(1)
 		go func() {
+			// Use our custom roundtripper
+			rt := roundtripper.NewTransport(ctx, logger)
+
+			client := &http.Client{
+				Transport: rt,
+			}
+			ghClient := github.NewClient(client)
+			graphClient := githubv4.NewClient(client)
+
+			c := checker.Checker{
+				Ctx:         ctx,
+				Client:      ghClient,
+				HttpClient:  client,
+				Owner:       repo.Owner,
+				Repo:        repo.Repo,
+				GraphClient: graphClient,
+			}
 			defer wg.Done()
 			runner := checker.Runner{Checker: c}
 			r := runner.Run(check.Fn)
diff --git a/roundtripper/roundtripper.go b/roundtripper/roundtripper.go
index 046957f5..5fed227a 100644
--- a/roundtripper/roundtripper.go
+++ b/roundtripper/roundtripper.go
@@ -44,6 +44,8 @@ const (
 	BucketURL               = "BLOB_URL"
 )
 
+var counter int64
+
 // RateLimitRoundTripper is a rate-limit aware http.Transport for Github.
 type RateLimitRoundTripper struct {
 	Logger         *zap.SugaredLogger
@@ -51,13 +53,16 @@ type RateLimitRoundTripper struct {
 }
 
 type RoundRobinTokenSource struct {
-	counter      int64
 	AccessTokens []string
+	log          *zap.SugaredLogger
 }
 
 func (r *RoundRobinTokenSource) Token() (*oauth2.Token, error) {
-	c := atomic.AddInt64(&r.counter, 1)
-	index := c % int64(len(r.AccessTokens))
+	c := atomic.AddInt64(&counter, 1)
+	// not locking it because it is never modified
+	l := len(r.AccessTokens)
+	index := c % int64(l)
+	r.log.Infof("using token %d of total %d.", index, l)
 	return &oauth2.Token{
 		AccessToken: r.AccessTokens[index],
 	}, nil
@@ -70,6 +75,7 @@ func NewTransport(ctx context.Context, logger *zap.SugaredLogger) http.RoundTrip
 	if token := os.Getenv(GithubAuthToken); token != "" {
 		ts := &RoundRobinTokenSource{
 			AccessTokens: strings.Split(token, ","),
+			log:          logger,
 		}
 		transport = oauth2.NewClient(ctx, ts).Transport
 	} else if keyPath := os.Getenv(GithubAppKeyPath); keyPath != "" { // Also try a GITHUB_APP
@@ -171,5 +177,6 @@ func (gh *RateLimitRoundTripper) RoundTrip(r *http.Request) (*http.Response, err
 		gh.Logger.Warnf("Rate limit exceeded. Retrying...")
 		return gh.RoundTrip(r)
 	}
+
 	return resp, nil
 }