diff --git a/.github/workflows/vulnerability-scan.yml b/.github/workflows/vulnerability-scan.yml
index 54f440f1..01686e81 100644
--- a/.github/workflows/vulnerability-scan.yml
+++ b/.github/workflows/vulnerability-scan.yml
@@ -35,17 +35,23 @@ jobs:
 run: echo "matrix=$MATRIX" >> $GITHUB_OUTPUT
 outputs:
 matrix: ${{ steps.setup-matrix.outputs.matrix }}
- vulnerability-scan:
+ set-sha-ref:
 runs-on: ubuntu-latest
- needs: setup-matrix
- strategy:
- matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
 steps:
 - name: checkout
 id: checkout
 uses: actions/checkout@main
 with:
 ref: ${{ github.event.inputs.tag }}
+ outputs:
+ ref: ${{ steps.checkout.outputs.ref }}
+ commit: ${{ steps.checkout.outputs.commit }}
+ vulnerability-scan:
+ runs-on: ubuntu-latest
+ needs: [setup-matrix, set-sha-ref]
+ strategy:
+ matrix: ${{ fromJson(needs.setup-matrix.outputs.matrix) }}
+ steps:
 - name: Scan for vulnerabilities
 id: scan
 uses: crazy-max/ghaction-container-scan@v3
@@ -57,5 +63,5 @@ jobs:
 uses: github/codeql-action/upload-sarif@v3
 with:
 sarif_file: ${{ steps.scan.outputs.sarif }}
- ref: ${{ steps.checkout.outputs.ref }}
- sha: ${{ steps.checkout.outputs.commit }}
+ ref: ${{ needs.set-sha-ref.outputs.ref }}
+ sha: ${{ needs.set-sha-ref.outputs.commit }}
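Review bot: The new `set-sha-ref` job resolves the `ref` and `commit` that every matrix leg then passes to `upload-sarif` in the second hunk, but it does so through `actions/checkout@main`, a mutable branch reference, so whatever is on that branch at run time decides which commit the scan results are attributed to. Pinning the step to a full commit SHA, `uses: actions/checkout@<full-commit-sha>  # <release tag>`, would make that resolution reproducible and reviewable. Because the job exists only to export two outputs, adding `persist-credentials: false` under its `with:` would also keep the token out of the checked-out repository's git config. It is worth confirming that `steps.checkout.outputs.ref` is a fully qualified `refs/...` name when `inputs.tag` is a bare tag or empty, since `upload-sarif` appears to expect one alongside `sha`; the workflow's trigger and the rest of the `vulnerability-scan` steps lie outside these hunks, so that case could not be checked here.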