diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index fe31a25..27b71a2 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -61,4 +61,3 @@ jobs:
 with:
 comment_tag: bot-comment
 filePath: pr-message
-
diff --git a/.github/workflows/reusable-build.yaml b/.github/workflows/reusable-build.yaml
index 7ea48fa..13c3ea7 100644
--- a/.github/workflows/reusable-build.yaml
+++ b/.github/workflows/reusable-build.yaml
@@ -62,6 +62,61 @@ jobs:
 echo "lables: ${{ steps.meta.outputs.labels }}"
 echo "tags: ${{ steps.meta.outputs.tags }}"
 echo "version: ${{ steps.meta.outputs.version }}"
+ # Build amd64 image to scan for vulnerabilities
+ - name: Build framework
+ uses: docker/build-push-action@v6
+ with:
+ load: true
+ sbom: false
+ platforms: linux/amd64
+ push: false
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+ target: final
+ build-args: |
+ SECURITY_PROFILE=${{ inputs.security_profile }}
+ - name: Run Trivy vulnerability scanner on PR
+ if: ${{ github.event_name == 'pull_request' }}
+ uses: aquasecurity/trivy-action@0.20.0
+ with:
+ image-ref: ${{ steps.meta.outputs.tags }}
+ exit-code: '1'
+ format: 'table'
+ severity: 'CRITICAL'
+ - name: Run Grype vulnerability scanner on PR
+ if: ${{ github.event_name == 'pull_request' }}
+ uses: anchore/scan-action@v3
+ with:
+ image: ${{ steps.meta.outputs.tags }}
+ severity-cutoff: critical
+ output-format: 'table'
+ fail-build: true
+ - name: Run Trivy vulnerability scanner on push
+ if: ${{ github.event_name == 'push' }}
+ uses: aquasecurity/trivy-action@0.20.0
+ with:
+ image-ref: ${{ steps.meta.outputs.tags }}
+ format: 'sarif'
+ output: 'trivy-results.sarif'
+ - name: Run Grype vulnerability scanner on push
+ if: ${{ github.event_name == 'push' }}
+ id: grype
+ uses: anchore/scan-action@v3
+ with:
+ image: ${{ steps.meta.outputs.tags }}
+ severity-cutoff: critical
+ output-format: 'sarif'
+ fail-build: false
+ - name: Upload Trivy scan results to GitHub Security tab
+ if: ${{ github.event_name == 'push' }}
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: 'trivy-results.sarif'
+ - name: Upload Grype scan results to GitHub Security tab
+ if: ${{ github.event_name == 'push' }}
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: ${{ steps.grype.outputs.sarif }}
 - name: Build and push framework
 uses: docker/build-push-action@v6
 with:
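Review bot: The image that is scanned is not necessarily the image that is published: the new `Build framework` step builds a single `linux/amd64` image with `load: true` and `push: false`, while the following `Build and push framework` step (its `with:` block continues outside the hunk) rebuilds before pushing, so any additional platforms that step targets are published without a scan. On `push` events the scanners are informational only (`fail-build: false`, and no `exit-code` on the Trivy push step), so a CRITICAL finding never gates the publish; if that is intended, state it above the first scanner step, e.g. `# Only the amd64 build is scanned; on push the scanners report to the Security tab and do not block the publish step below — PR runs are the blocking gate`. `${{ steps.meta.outputs.tags }}` is passed as `image-ref`/`image`, which assumes the metadata step emits exactly one tag; if it can emit a newline-separated list, the scanners receive a malformed reference, so a dedicated single scan tag would be safer. Consider also giving the two `upload-sarif` steps distinct `category:` values so the Trivy and Grype analyses stay separate in code scanning, and pinning the third-party scanner actions to a commit SHA rather than a moving tag, since they run with access to the freshly built image and the job's token.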