diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml
deleted file mode 100644
index a823c099..00000000
--- a/.github/workflows/dependencies.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-name: "Dependency Review"
-on: pull_request
-
-permissions:
-  contents: read
-
-jobs:
-  dependency-review:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/setup-go@v5
-        with:
-          go-version: 1.19
-          check-latest: true
-      - name: "Checkout Repository"
-        uses: actions/checkout@v3
-      - uses: technote-space/get-diff-action@v6.1.2
-        with:
-          PATTERNS: |
-            **/**.go
-            go.mod
-            go.sum
-      - name: "Dependency Review"
-        uses: actions/dependency-review-action@v3
-        if: env.GIT_DIFF
-      - name: "Go vulnerability check"
-        run: make vulncheck
-        if: env.GIT_DIFF
diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
new file mode 100644
index 00000000..e0403ea3
--- /dev/null
+++ b/.github/workflows/govulncheck.yml
@@ -0,0 +1,31 @@
+name: 'Go vulnerability check'
+
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - '*'
+
+permissions:
+  contents: read
+
+jobs:
+  dependency-review:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Run govulncheck
+        id: govulncheck
+        uses: golang/govulncheck-action@v1
+        with:
+          check-latest: true
+          go-version-input: 1.22
+          go-package: ./...
+          output-format: sarif
+          output-file: govulncheck.sarif
+
+      - name: Upload SARIF file
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: govulncheck.sarif
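Review bot: The `permissions:` block of the new govulncheck.yml grants only `contents: read`, but the `Upload SARIF file` step (`github/codeql-action/upload-sarif@v3`) needs `security-events: write` on the workflow token to publish results to code scanning, so the upload will be rejected as written; add `security-events: write` under `permissions:` (the CodeQL action docs also list `actions: read` as required on private repositories). `go-version-input: 1.22` is an unquoted float that happens to round-trip today, but a later bump such as `1.30` would be parsed as `1.3`; write `go-version-input: '1.22'`. The job keeps the name `dependency-review` from the deleted workflow although `actions/dependency-review-action` no longer runs anywhere in it, which is misleading for anyone reading check names; rename the job to `govulncheck` or reinstate that step. If `golang/govulncheck-action` fails the step when it finds vulnerabilities (it does in its default text mode; I have not confirmed the SARIF mode), the upload step is skipped in exactly the case it matters, so consider `if: always()` on the upload step. Both actions are referenced by floating major tags (`@v1`, `@v3`); pinning them to a full commit SHA with the version in a trailing comment keeps the vulnerability-scanning job itself from being a mutable supply-chain dependency.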