From 8639b3aa187fcc7434a2a1bf70bf4623868e194b Mon Sep 17 00:00:00 2001
From: Elliot Matson <1711604+elliotmatson@users.noreply.github.com>
Date: Tue, 31 Jan 2023 21:12:56 -0600
Subject: [PATCH] Update docker.yml

---
 .github/workflows/docker.yml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 8ae587d..5e21daa 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -73,13 +73,18 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
+  security-scan:
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    needs: build-and-push-image
+    steps:
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with:
           image-ref: ${{ env.DOCKER_IMAGE }}
           format: 'sarif'
           output: 'trivy-results.sarif'
-
       - name: Upload Trivy scan results to GitHub Security tab
         uses: github/codeql-action/upload-sarif@v2
         with: