diff --git a/.github/workflows/gradle-build.yml b/.github/workflows/gradle-build.yml
index 2087bf022..7ed60a320 100644
--- a/.github/workflows/gradle-build.yml
+++ b/.github/workflows/gradle-build.yml
@@ -53,6 +53,15 @@ jobs:
           context: .
           push: false
           tags: ghcr.io/${{ env.IMAGE_NAME }}:test
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: 'ghcr.io/${{ env.IMAGE_NAME }}:test'
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
 
   ort:
     runs-on: ubuntu-latest