diff --git a/.tekton/governance-policy-propagator-acm-213-pull-request.yaml b/.tekton/governance-policy-propagator-acm-213-pull-request.yaml
index 85561133..855473c2 100644
--- a/.tekton/governance-policy-propagator-acm-213-pull-request.yaml
+++ b/.tekton/governance-policy-propagator-acm-213-pull-request.yaml
@@ -32,6 +32,10 @@ spec:
 value: build/Dockerfile.rhtap
 - name: path-context
 value: .
+ - name: hermetic
+ value: "true"
+ - name: prefetch-input
+ value: '[{"type": "gomod", "path": "."},{"type": "rpm", "path": "."}]'
 pipelineSpec:
 description: |
 This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization.
@@ -181,6 +185,8 @@ spec:
 value: $(params.output-image).prefetch
 - name: ociArtifactExpiresAfter
 value: $(params.image-expires-after)
+ - name: dev-package-managers
+ value: "true"
 runAfter:
 - clone-repository
 taskRef:
diff --git a/.tekton/governance-policy-propagator-acm-213-push.yaml b/.tekton/governance-policy-propagator-acm-213-push.yaml
index 6bf1c61a..f0cb6abc 100644
--- a/.tekton/governance-policy-propagator-acm-213-push.yaml
+++ b/.tekton/governance-policy-propagator-acm-213-push.yaml
@@ -29,6 +29,10 @@ spec:
 value: build/Dockerfile.rhtap
 - name: path-context
 value: .
+ - name: hermetic
+ value: "true"
+ - name: prefetch-input
+ value: '[{"type": "gomod", "path": "."},{"type": "rpm", "path": "."}]'
 pipelineSpec:
 description: |
 This pipeline is ideal for building multi-arch container images from a Containerfile while maintaining trust after pipeline customization.
@@ -178,6 +182,8 @@ spec:
 value: $(params.output-image).prefetch
 - name: ociArtifactExpiresAfter
 value: $(params.image-expires-after)
+ - name: dev-package-managers
+ value: "true"
 runAfter:
 - clone-repository
 taskRef:
diff --git a/Makefile b/Makefile
index 59a3623c..ab92fbcf 100644
--- a/Makefile
+++ b/Makefile
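Review bot: The `rpm` entry in `prefetch-input` (pull-request pipeline, hunk `-32,6 +32,10`) has nothing visible in this commit to resolve against: the rpm prefetcher reads a lockfile (`rpms.lock.yaml`, generated from `rpms.in.yaml`) at the given `path`, and neither file is added here. If they are not already at the repository root, the prefetch step would be expected to fail, and with `hermetic` set to `"true"` the image build has no network access to fall back on. The same two params are added to the push pipeline at `-29,6 +29,10`, so both depend on the lockfile staying in step with whatever `build/Dockerfile.rhtap` installs. I would add a comment above the param, e.g. `# rpm prefetch resolves from rpms.lock.yaml at the repo root; regenerate it whenever the RPMs installed in build/Dockerfile.rhtap change`. The `params` list itself starts above the hunk.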
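Review bot: `dev-package-managers` is set to the literal `"true"` on the prefetch task (pull-request pipeline, hunk `-181,6 +185,8`) with no comment, and the flag opts in to every in-development package manager that task offers, not just the one this commit needs. It is presumably here for the `rpm` entry added to `prefetch-input`; stating that makes the flag removable later and keeps a future `prefetch-input` edit from quietly relying on another unsupported backend. Suggested comment on the line above: `# required for the "rpm" prefetch type only; remove once rpm no longer needs dev-package-managers`. The push pipeline has the same addition at `-178,6 +182,8`, and the task definition begins and ends outside both hunks.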
@@ -102,7 +102,7 @@ gosec-scan: GOSEC_ARGS=-exclude G201 .PHONY: build build: - CGO_ENABLED=1 go build -o build/_output/bin/$(IMG) main.go + CGO_ENABLED=1 go build -mod=readonly -o build/_output/bin/$(IMG) main.go ############################################################ # images section diff --git a/build/Dockerfile.rhtap b/build/Dockerfile.rhtap index 2d62ec05..72e478d4 100644 --- a/build/Dockerfile.rhtap +++ b/build/Dockerfile.rhtap @@ -7,7 +7,6 @@ ENV COMPONENT=governance-policy-propagator ENV REPO_PATH=/go/src/github.com/stolostron/${COMPONENT} WORKDIR ${REPO_PATH} COPY . . -RUN go mod vendor RUN make build # Stage 2: Copy the binaries from the image builder to the base image
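Review bot: The `-mod=readonly` flag added to the `build` recipe in the Makefile carries no comment, and its reason is only visible in the other files of this commit (the hermetic pipeline params and the removal of `RUN go mod vendor` from `build/Dockerfile.rhtap`). A line above the recipe would keep it from being dropped later as redundant: `# -mod=readonly: fail the build rather than rewrite go.mod/go.sum; hermetic builds resolve modules from the prefetched cache`. The flag also makes `go build` ignore a `vendor/` directory if one is present in the build context, which looks intended here but is worth stating in the same comment. The rest of the Makefile is outside the hunk, so other `go` invocations were not checked for the same flag.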