diff --git a/.github/workflows/snyk-scan.yml b/.github/workflows/snyk-scan.yml
index af713b2..03c46bb 100644
--- a/.github/workflows/snyk-scan.yml
+++ b/.github/workflows/snyk-scan.yml
@@ -24,10 +24,6 @@ jobs:
 with:
 args: --all-projects --sarif-file-output=snyk.sarif
 
- - name: Replace "security-severity" "undefined" for license-related findings
- run: |
- sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif
-
 - name: Check output file
 id: out-file
 run: |
@@ -36,6 +32,11 @@ jobs:
 echo "::set-output name=exists::false"
 fi
 
+ - name: Handle undefined security-severity
+ if: steps.out-file.outputs.exists == 'true'
+ run: |
+ sed -i 's/"security-severity": "undefined"/"security-severity": "0"/g' snyk.sarif
+
 - name: Upload result to GitHub Code Scanning
 if: steps.out-file.outputs.exists == 'true'
 uses: github/codeql-action/upload-sarif@v3
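Review bot: The `sed` in the added "Handle undefined security-severity" step is unconditional across the whole file: it rewrites every `"security-severity": "undefined"` in snyk.sarif to `"0"`, not only the license-related findings the removed step name referred to, so any result Snyk emits without a score would presumably land at the lowest severity in Code Scanning with no trace of the rewrite. The new step name also drops the reason for the substitution; a comment above `run:` such as `# Snyk reports "undefined" for license findings; Code Scanning expects a numeric security-severity` would keep it. To make the downgrade auditable in the job log, print the match count before the `sed`, e.g. `grep -c '"security-severity": "undefined"' snyk.sarif || true`. The `if:` guard on this step depends on the `out-file` step's `::set-output` command, which GitHub has deprecated in favour of writing to `$GITHUB_OUTPUT`; that step starts outside this hunk.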