diff --git a/.github/workflows/internal-release-candidate.yml b/.github/workflows/internal-release-candidate.yml
index 00ffd9a..30cb0a2 100644
--- a/.github/workflows/internal-release-candidate.yml
+++ b/.github/workflows/internal-release-candidate.yml
@@ -58,6 +58,15 @@ jobs:
             ghcr.io/solacedev/pubsubplus-prometheus-exporter:${{ github.event.inputs.release_tag }}
           push: true
 
+      - name: Run Whitesource Action
+        uses: SolaceDev/Mend-Scan-GHA@v1.0.0
+        with:
+          wssURL: https://saas.whitesourcesoftware.com/agent
+          apiKey: ${{ secrets.WSS_API_KEY }}
+          productName: 'pubsubplus-prometheus-exporter'
+          projectName: 'pubsubplus-prometheus-exporter'
+          configFile: 'ci/whitesource/whitesource-agent.config'
+
       - name: Set up Docker Buildx
         id: buildx
         uses: docker/setup-buildx-action@v2
@@ -101,15 +110,6 @@ jobs:
             gcr.io/${{ env.GCLOUD_PROJECT_ID_DEV }}/pubsubplus-prometheus-exporter:${{ github.event.inputs.release_tag }}
           push: true
 
-      - name: Run Whitesource Action
-        uses: SolaceDev/Mend-Scan-GHA@v1.0.0
-        with:
-          wssURL: https://saas.whitesourcesoftware.com/agent
-          apiKey: ${{ secrets.WSS_API_KEY }}
-          productName: 'pubsubplus-prometheus-exporter'
-          projectName: 'pubsubplus-prometheus-exporter'
-          configFile: 'ci/whitesource/whitesource-agent.config'
-
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with: