diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
index c63a7aa..f9c40fc 100644
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -17,6 +17,14 @@ jobs:
         with:
           go-version: "1.23"
 
+      - name: Run Trivy vulnerability scan
+        uses: aquasecurity/trivy-action@0.33.1
+        with:
+          scan-type: fs
+          format: json
+          exit-code: "1"
+          severity: CRITICAL,HIGH
+
       - name: Run GoReleaser
         uses: goreleaser/goreleaser-action@v5
         with: