diff --git a/.github/workflows/sdlc.yml b/.github/workflows/sdlc.yml
index b47c28b8..167ef79c 100644
--- a/.github/workflows/sdlc.yml
+++ b/.github/workflows/sdlc.yml
@@ -17,20 +17,7 @@ jobs:
       security-events: write
     steps:
       - uses: actions/checkout@v4
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
-        with:
-          languages: 'java,javascript'  # Specify your project's languages
-
-      - name: CodeQL Autobuild
-        uses: github/codeql-action/autobuild@v3
       
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
-        with:
-          category: '/language-security-and-quality'  # Customize category if needed
-
   build:
     runs-on: ubuntu-latest
     permissions:
@@ -74,6 +61,19 @@ jobs:
         path: |
           target/billtracker-${{ env.PROJECT_VERSION }}.jar
 
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: 'java,javascript'  # Specify your project's languages
+
+    - name: CodeQL Autobuild
+      uses: github/codeql-action/autobuild@v3
+    
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: '/language-security-and-quality'  # Customize category if needed
+
   publish_maven:
     if: github.event_name == 'release'
     runs-on: ubuntu-latest