diff --git a/.github/workflows/govulncheck.yml b/.github/workflows/govulncheck.yml
new file mode 100644
index 00000000..df4a014e
--- /dev/null
+++ b/.github/workflows/govulncheck.yml
@@ -0,0 +1,21 @@
+---
+name: govulncheck
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+      - master
+  schedule:
+    - cron: '33 2 * * *'
+
+permissions:
+  contents: read
+
+jobs:
+  govulncheck:
+    runs-on: ubuntu-latest
+    name: Run govulncheck
+    steps:
+      - id: govulncheck
+        uses: golang/govulncheck-action@31f7c5463448f83528bd771c2d978d940080c9fd # v1.0.4-unreleased
diff --git a/Makefile.common b/Makefile.common
index 6cd3320b..ef05881b 100644
--- a/Makefile.common
+++ b/Makefile.common
@@ -425,9 +425,3 @@ $(1)_precheck:
 		exit 1; \
 	fi
 endef
-
-govulncheck: install-govulncheck
-	govulncheck ./...
-
-install-govulncheck:
-	command -v govulncheck > /dev/null || go install golang.org/x/vuln/cmd/govulncheck@latest