diff --git a/.github/workflows/go_app_pull_requests.yml b/.github/workflows/go_app_pull_requests.yml index af87a1c..386531f 100644 --- a/.github/workflows/go_app_pull_requests.yml +++ b/.github/workflows/go_app_pull_requests.yml @@ -101,6 +101,38 @@ jobs: uses: codecov/codecov-action@v4 with: token: ${{ secrets.CODECOV_TOKEN }} + vulnerabilities: + # + # ensure go standards and tests pass + # + runs-on: ubuntu-latest + strategy: + matrix: + # List of go versions to test on. + go: ['^1'] + steps: + # Checkout go code to test. + - name: Checkout repo + uses: actions/checkout@v3 + # Setup Go for each version in the matrix. + - name: Setup Go + uses: actions/setup-go@v3 + with: + go-version: ${{ matrix.go }} + # Use auth to get access to private Git repos for Go code dependencies. + - name: Configure git for private modules + env: + TOKEN: ${{ secrets.GH_CI_PAT }} + GITHUB_USERNAME: ${{ inputs.GH_CI_USER }} + run: git config --global url."https://${GITHUB_USERNAME}:${TOKEN}@github.com".insteadOf + "https://github.com" + # Install govulncheck + - id: install-govulncheck + run: go install golang.org/x/vuln/cmd/govulncheck@latest + # Run govulncheck for every Go module + - id: govulncheck + run: find . -name vendor -prune -o -name go.mod -print | xargs -n1 dirname + | xargs -n1 -I{} bash -c "pushd {}; govulncheck ./..." docker-build: # # ensures the docker image will build without pushing to the registry diff --git a/.github/workflows/go_lib_pull_requests.yml b/.github/workflows/go_lib_pull_requests.yml index cf6e87d..2d39cce 100644 --- a/.github/workflows/go_lib_pull_requests.yml +++ b/.github/workflows/go_lib_pull_requests.yml 
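Review bot: The new `vulnerabilities` job installs its scanner with `run: go install golang.org/x/vuln/cmd/govulncheck@latest` and checks out and sets up Go via the mutable tags `actions/checkout@v3` and `actions/setup-go@v3`, so the code that runs in a job holding `GH_CI_PAT` is not pinned to a reviewed revision; the identical lines appear in the `go_lib_pull_requests.yml` hunk below. Pinning the tool to a tagged release, e.g. `run: go install golang.org/x/vuln/cmd/govulncheck@<PINNED_VERSION>`, and the actions to a full commit SHA with the version in a trailing comment (`uses: actions/checkout@<COMMIT_SHA> # vX.Y.Z`) makes the scan reproducible and narrows what a hijacked upstream tag could do with that token. The job header comment `# ensure go standards and tests pass` does not describe this job and looks copied from the neighbouring one; `# run govulncheck against every Go module in the repository` would match what the steps do. The `Configure git for private modules` step also leaves the PAT in the runner's global gitconfig in clear text for the rest of the job, which is acceptable on ephemeral hosted runners but would persist across jobs on a self-hosted runner unless a final step removes it.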
@@ -109,4 +109,37 @@ jobs: - name: Upload test coverage results to Codecov uses: codecov/codecov-action@v4 with: - token: ${{ secrets.CODECOV_TOKEN }} \ No newline at end of file + token: ${{ secrets.CODECOV_TOKEN }} + vulnerabilities: + # + # ensure go standards and tests pass + # + runs-on: ubuntu-latest + strategy: + matrix: + # List of go versions to test on. + go: ["^1"] + steps: + # Checkout go code to test. + - name: Checkout repo + uses: actions/checkout@v3 + # Setup Go for each version in the matrix. + - name: Setup Go + uses: actions/setup-go@v3 + with: + go-version: ${{ matrix.go }} + # Use auth to get access to private Git repos for Go code dependencies. + - name: Configure git for private modules + env: + TOKEN: ${{ secrets.GH_CI_PAT }} + GITHUB_USERNAME: ${{ inputs.GH_CI_USER }} + run: + git config --global url."https://${GITHUB_USERNAME}:${TOKEN}@github.com".insteadOf + "https://github.com" + # Install govulncheck + - id: install-govulncheck + run: go install golang.org/x/vuln/cmd/govulncheck@latest + # Run govulncheck for every Go module + - id: govulncheck + run: find . -name vendor -prune -o -name go.mod -print | xargs -n1 dirname + | xargs -n1 -I{} bash -c "pushd {}; govulncheck ./..."