diff --git a/.github/workflows/test-govulncheck.yml b/.github/workflows/test-govulncheck.yml
new file mode 100644
index 000000000..f90898533
--- /dev/null
+++ b/.github/workflows/test-govulncheck.yml
@@ -0,0 +1,47 @@
+name: Govulncheck
+
+on:
+  push:
+    branches:
+      - main
+    paths:
+      - "**.go"
+  pull_request:
+    paths:
+      - "**.go"
+
+# Abort runs of *this* workflow, if a new commit with the same ref is pushed.
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: ${{ github.ref != 'refs/heads/main' }}
+
+jobs:
+  govulncheck:
+    name: govulncheck
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b
+
+      - name: Install Dependencies
+        run: sudo apt-get update && sudo apt-get -y install libcryptsetup-dev libvirt-dev
+
+      - name: Setup Go environment
+        uses: actions/setup-go@268d8c0ca0432bb2cf416faae41297df9d262d7f
+        with:
+          go-version: "1.19.1"
+          cache: true
+
+      - name: Get Go submodules
+        id: submods
+        shell: bash
+        run: |
+          mods=$(go list -f '{{.Dir}}/...' -m | xargs)
+          echo "Found mods: $mods"
+          echo "::set-output name=submods::${mods}"
+
+      - name: Govulncheck
+        shell: bash
+        run: |
+          go install golang.org/x/vuln/cmd/govulncheck@latest
+          GOMEMLIMIT=5GiB govulncheck $(go list -f '{{.Dir}}/...' -m | xargs)