diff --git a/.github/workflows/build-and-test.yaml b/.github/workflows/build-and-test.yaml
index a31d4b3..92ea6f7 100644
--- a/.github/workflows/build-and-test.yaml
+++ b/.github/workflows/build-and-test.yaml
@@ -236,6 +236,7 @@ jobs:
         push-to-registry: true
 
   scan:
+    needs: deploy
     permissions:
       security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
       actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status