diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 4a2254b02..939c9cbda 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -134,6 +134,12 @@ jobs:
           GOTOOLCHAIN: 'auto'
           GOFLAGS: '-buildvcs=false'
 
+      - name: Run Govulncheck Security Scanner
+        run: govulncheck ./...
+        env:
+          GOTOOLCHAIN: 'auto'
+          GOFLAGS: '-buildvcs=false'
+
   release:
     runs-on: windows-latest
     needs: [build-and-test, sast-scan]
diff --git a/Taskfile.yaml b/Taskfile.yaml
index 996730c96..ff7770f06 100644
--- a/Taskfile.yaml
+++ b/Taskfile.yaml
@@ -54,7 +54,9 @@ tasks:
     desc: Scan for security vulnerabilities
     cmds:
       - go install github.com/securego/gosec/v2/cmd/gosec@latest
+      - go install golang.org/x/vuln/cmd/govulncheck@latest
       - gosec ./...
+      - govulncheck ./...
 
   run:
     desc: Run the Windsor CLI
diff --git a/aqua.yaml b/aqua.yaml
index 0b22807b9..f6f485596 100644
--- a/aqua.yaml
+++ b/aqua.yaml
@@ -31,3 +31,4 @@ packages:
 - name: aws/aws-cli@2.32.33
 - name: twistedpair/google-cloud-sdk@551.0.0
 - name: opentofu/opentofu@v1.11.1
+- name: golang/vuln/govulncheck@v1.1.4
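Review bot: The new `Run Govulncheck Security Scanner` step invokes `govulncheck ./...` with no install step visible in this hunk, so it presumably relies on the `golang/vuln/govulncheck@v1.1.4` entry added to aqua.yaml in the same change being on PATH; if so, say it on the step so the pin is not broken by accident, e.g. `# govulncheck comes from aqua.yaml (pinned); any reachable vuln makes this step fail`. Worth also noting that govulncheck matches findings against the live database at vuln.go.dev at run time, so the step needs network egress and an unchanged commit can start failing later when a new advisory lands — that is the intended gate, but a one-line comment saying so will save the first person who hits it from suspecting their change. The enclosing job starts outside the hunk (the header shows only `jobs:`), so which job gates `release` on this step cannot be confirmed from here.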
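Review bot: `go install golang.org/x/vuln/cmd/govulncheck@latest` resolves to whatever version is current when the task runs, while aqua.yaml in this same change pins `golang/vuln/govulncheck@v1.1.4`, so the local `task` scan and the CI scan can run different scanner versions and report different results; pin it to match, `- go install golang.org/x/vuln/cmd/govulncheck@v1.1.4`. Unpinned `@latest` in a security task is also a small supply-chain exposure, since a broken or compromised release is picked up silently on the next run. The pre-existing gosec line uses the same `@latest`, so if pinning is adopted it should be applied to both lines for consistency.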