diff --git a/.github/workflows/vulnerability-scan-build.yml b/.github/workflows/vulnerability-scan-build.yml
index 5471a3e0..bf191f30 100644
--- a/.github/workflows/vulnerability-scan-build.yml
+++ b/.github/workflows/vulnerability-scan-build.yml
@@ -3,6 +3,8 @@ run-name: CVE vulnerability scan of in-development images.
 env:
 REGISTRY: ghcr.io
 on:
+ # only using push during development because workflow_run will only work if the workflow is on the default branch.
+ push:
 workflow_run:
 workflows: ["Build and deploy Bay images"]
 types: [completed]
@@ -11,6 +13,7 @@ on:
 jobs:
 vulnerability-scan-build:
+ if: ${{ github.event.workflow_run.conclusion == 'success' }}
 runs-on: ubuntu-latest
 strategy:
 matrix:
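Review bot: The added `push:` trigger under `on:` has no `branches` filter, so the scan workflow is queued for every push to every branch and tag, not just the branch it is being developed on. The comment says it is a development aid, so scope it (for example `push:` with `branches: [<dev-branch>]`, a placeholder for the real branch name) and extend the comment with `# TODO: remove before merging to the default branch`. A push-triggered run also starts independently of "Build and deploy Bay images", so it presumably scans whatever images are already in the registry rather than the ones that push will build. That would be worth stating in the comment, so a clean scan from a push run is not read as covering the new commit.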
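Review bot: The job-level `if:` added on `vulnerability-scan-build` reads `github.event.workflow_run.conclusion`, which is empty on `push` events, so every run started by the `push:` trigger from the first hunk ends with the job skipped. If push runs are meant to scan during development, the condition needs to allow them: `if: ${{ github.event_name == 'push' || github.event.workflow_run.conclusion == 'success' }}`. Separately, a `workflow_run` run executes the default-branch workflow with the repository's token and secrets even when the triggering build came from a fork's pull request, and `conclusion == 'success'` does not distinguish those cases. The job body continues outside this hunk, so I cannot see what it pulls or uploads. If it consumes images or artifacts from the triggering run, consider also gating on `github.event.workflow_run.event` or `github.event.workflow_run.head_repository.full_name`.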