diff --git a/.github/workflows/govulnfix.yml b/.github/workflows/govulnfix.yml
index 3aec087..3ae0950 100644
--- a/.github/workflows/govulnfix.yml
+++ b/.github/workflows/govulnfix.yml
@@ -29,9 +29,6 @@ jobs:
       - name: Install govulncheck
         run: go install golang.org/x/vuln/cmd/govulncheck@latest
 
-      - name: Install vulnfix
-        run: go install github.com/hamba/vulnfix@latest
-
       # govulncheck exits 3 when vulnerabilities are found; we want to continue to vulnfix, so we ignore the exit code.
       - name: Run govulncheck
         run: |
@@ -46,6 +43,9 @@ jobs:
           check-latest: true
           cache: false
 
+      - name: Install vulnfix
+        run: go install github.com/hamba/vulnfix@latest
+
       - name: Run vulnfix
         run: vulnfix -o /tmp/vuln.md < /tmp/govulncheck-output.json