diff --git a/tekton/publish.yaml b/tekton/publish.yaml
index 006e3a9a53b..9f20c321761 100644
--- a/tekton/publish.yaml
+++ b/tekton/publish.yaml
@@ -111,6 +111,8 @@ spec:
       value: /workspace/go
     - name: GO111MODULE
       value: "off"
+    - name: GOFLAGS
+      value: "-mod=vendor"
     - name: CLOUDSDK_AUTH_CREDENTIAL_FILE_OVERRIDE
       value: /secret/release.json
     script: |
diff --git a/tekton/release-pipeline.yaml b/tekton/release-pipeline.yaml
index 7a8b0e2a004..c9c1a4ea35d 100644
--- a/tekton/release-pipeline.yaml
+++ b/tekton/release-pipeline.yaml
@@ -76,6 +76,8 @@ spec:
       params:
         - name: package
           value: $(params.package)
+        - name: flags
+          value: -v -mod=vendor
       resources:
         inputs:
           - name: source
@@ -88,7 +90,7 @@ spec:
         - name: package
           value: $(params.package)
         - name: flags
-          value: -ldflags "-X github.com/tektoncd/pipeline/pkg/version.PipelineVersion=$(params.versionTag)"
+          value: -mod=vendor -ldflags "-X github.com/tektoncd/pipeline/pkg/version.PipelineVersion=$(params.versionTag)"
       resources:
         inputs:
           - name: source
diff --git a/vendor/github.com/tektoncd/plumbing/scripts/library.sh b/vendor/github.com/tektoncd/plumbing/scripts/library.sh
index 81396ebc062..00431f6adc0 100644
--- a/vendor/github.com/tektoncd/plumbing/scripts/library.sh
+++ b/vendor/github.com/tektoncd/plumbing/scripts/library.sh
@@ -284,7 +284,7 @@ function report_go_test() {
   # Run tests in verbose mode to capture details.
   # go doesn't like repeating -v, so remove if passed.
   local args=" $@ "
-  local go_test="go test -race -v ${args/ -v / }"
+  local go_test="go test -mod=vendor -race -v ${args/ -v / }"
   # Just run regular go tests if not on Prow.
   echo "Running tests with '${go_test}'"
   local report=$(mktemp)
diff --git a/vendor/github.com/tektoncd/plumbing/scripts/presubmit-tests.sh b/vendor/github.com/tektoncd/plumbing/scripts/presubmit-tests.sh
index 6a08c919a27..7f7777250c8 100644
--- a/vendor/github.com/tektoncd/plumbing/scripts/presubmit-tests.sh
+++ b/vendor/github.com/tektoncd/plumbing/scripts/presubmit-tests.sh
@@ -149,7 +149,7 @@ function yaml_build_tests() {
   (( DISABLE_YAML_LINTING )) && return 0
   subheader "Linting the yaml files"
   local yamlfiles=""
-   
+
   for file in $(cat ${CHANGED_FILES}); do
     [[ -z $(echo "${file}" | grep '\.yaml$\|\.yml$' | grep -v '^vendor/' | grep -v '^third_party/') ]] && continue
 
@@ -187,7 +187,7 @@ function default_build_test_runner() {
   [[ -z "${go_pkg_dirs}" ]] && return ${failed}
   # Ensure all the code builds
   subheader "Checking that go code builds"
-  go build -v ./... || failed=1
+  go build -mod=vendor -v ./... || failed=1
   # Get all build tags in go code. Ignore tags in /vendor, /third_party, and
   # tools for compatibility to allow for Go modules binary tool tracking. See
   # https://github.com/golang/go/wiki/Modules#how-can-i-track-tool-dependencies-for-a-module
@@ -195,7 +195,7 @@ function default_build_test_runner() {
   local tags="$(grep -r '// +build' . \
       | grep -v '^./vendor/' | grep -v '^./third_party/' | grep -v "+build tools" | cut -f3 -d' ' | sort | uniq | tr '\n' ' ')"
   if [[ -n "${tags}" ]]; then
-    go test -run=^$ -tags="${tags}" ./... || failed=1
+    go test -mod=vendor -run=^$ -tags="${tags}" ./... || failed=1
   fi
   if [[ -f ./hack/verify-codegen.sh ]]; then
     subheader "Checking autogenerated code is up-to-date"