diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 117ac09..47a45e6 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -90,3 +90,16 @@ jobs:
 platforms: linux/amd64
 push: true
 tags: ${{ steps.image-name.outputs.name }}
+
+ - name: Scan Docker image
+ id: container-scan
+ uses: anchore/scan-action@3343887d815d7b07465f6fdcd395bd66508d486a # v3.6.4
+ with:
+ image: ${{ steps.image-name.outputs.name }}
+ fail-build: false
+ output-format: sarif
+
+ - name: Upload Grype results to GitHub
+ uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
+ with:
+ sarif_file: ${{ steps.container-scan.outputs.sarif }}
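Review bot: The scan is advisory only — `fail-build: false` with no `severity-cutoff` means the job never gates on findings, and because the step runs after the build step whose context lines show `push: true`, an image with known vulnerabilities is already published before Grype looks at it. If visibility is the intent, say so with a comment above the step, e.g. `# advisory scan: findings go to the Security tab and do not block the push`; if a gate is intended, set `fail-build: true` with a `severity-cutoff`, and move the scan ahead of the push (build with `load: true`, push in a later step). The SARIF upload also needs the job to grant `security-events: write`; the job's `permissions:` block is outside this hunk, so confirm it does or the upload step will fail. The enclosing job starts before the hunk.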