diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index c1832104c7..2d0f21b926 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -315,6 +315,11 @@ jobs:
           cache-from: type=registry,ref=ghcr.io/fuellabs/fuel-core-build-cache:latest
           cache-to: type=registry,ref=ghcr.io/fuellabs/fuel-core-build-cache:latest,mode=max
 
+      - name: Scan container image
+        uses: crazy-max/ghaction-container-scan@v3
+        with:
+          image: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
+
   # duplicate of publish-docker-image, but with profiling features enabled
   # this is split into a separate action since it takes longer to build
   publish-docker-image-profiling:
@@ -365,6 +370,11 @@ jobs:
           cache-from: type=registry,ref=ghcr.io/fuellabs/fuel-core-debug-build-cache:latest
           cache-to: type=registry,ref=ghcr.io/fuellabs/fuel-core-debug-build-cache:latest,mode=max
 
+      - name: Scan container image
+        uses: crazy-max/ghaction-container-scan@v3
+        with:
+          image: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
+
       - uses: FuelLabs/.github/.github/actions/slack-notify-template@master
         if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag')
         with:
@@ -424,6 +434,11 @@ jobs:
           cache-from: type=registry,ref=ghcr.io/fuellabs/fuel-core-e2e-build-cache:latest
           cache-to: type=registry,ref=ghcr.io/fuellabs/fuel-core-e2e-build-cache:latest,mode=max
 
+      - name: Scan container image
+        uses: crazy-max/ghaction-container-scan@v3
+        with:
+          image: ${{ fromJSON(steps.meta.outputs.json).tags[0] }}
+
       - uses: FuelLabs/.github/.github/actions/slack-notify-template@master
         if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag')
         with: