diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index eb5e98aa..0cc1a04b 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -31,15 +31,21 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v3
 
-    # Checkout sonic-mgmt-common repository which sonic-gnmi depends on.
+    # Checkout sonic-mgmt-common repository which is used by sonic-gnmi
     - name: Checkout sonic-mgmt-common repository
       uses: actions/checkout@v3
       with:
         repository: sonic-net/sonic-mgmt-common
-        # build requires sonic-mgmt-common to be in the same directory as sonic-gnmi.
-        path: ../sonic-mgmt-common
+        path: sonic-mgmt-common
+        # Checkout the branch that is being merged into
         ref: ${{ github.event.pull_request.base.ref }}
 
+    # Update go.mod to use local sonic-mgmt-common.
+    # This is the same hack used in the CI pipeline. See lgtm.yml.
+    # We should find a better way to do this.
+    - name: Update go.mod for sonic-mgmt-common
+      run: sed -i 's@replace github.com/Azure/sonic-mgmt-common => ../sonic-mgmt-common@replace github.com/Azure/sonic-mgmt-common => ./sonic-mgmt-common@g' go.mod
+
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v2.1.29