diff --git a/.github/workflows/mend.yaml b/.github/workflows/mend.yaml
index e50ccd6..4cca13e 100644
--- a/.github/workflows/mend.yaml
+++ b/.github/workflows/mend.yaml
@@ -2,20 +2,33 @@ name: Mend CLI Scan
 
 on:
   workflow_dispatch:
-    inputs:
-      image:
-        description: 'Image to scan'
-        required: true
-        default: 'docker.io/vespaengine/vespa:8'
-
-env:
-  IMAGE: ${{ inputs.image }}
+  pull_request:
+    branches: [master]
+  push:
+    branches: [master]
 
 jobs:
   mend:
     runs-on: ubuntu-latest
 
+    strategy:
+      fail-fast: false
+      matrix:
+        image:
+          - 'docker.io/vespaengine/vespa:8'
+          - 'docker.io/vespaengine/vespa-build-almalinux-8:latest'
+          - 'docker.io/vespaengine/vespa-dev-almalinux-8:latest'
+          - 'docker.io/vespaengine/vespa-build-almalinux-9:latest'
+          - 'docker.io/vespaengine/vespa-dev-almalinux-9:latest'
+
     steps:
+    - name: Free disk space
+      uses: jlumbroso/free-disk-space@54081f138730dfa15788a46383842cd2f914a1be
+      with:
+        large-packages: false
+        docker-images: false
+        swap-storage: false
+
     - name: Downloading Mend CLI
       run: |
         echo Downloading Mend CLI
@@ -26,5 +39,16 @@ jobs:
         MEND_EMAIL: ${{secrets.MEND_EMAIL}}
         MEND_USER_KEY: ${{secrets.MEND_USER_KEY}}
         MEND_URL: https://saas-eu.mend.io
+        IMAGE: ${{ matrix.image }}
       run: |
-        mend image "$IMAGE"
+        echo "Scanning image ${IMAGE}"
+
+        # Project is everything after the last slash (typically: vespa...:8)
+        MEND_PROJECT=${IMAGE##*/}
+        echo "Project: ${MEND_PROJECT}"
+
+        # Application is everything before the last slash (typically: docker.io/vespaengine)
+        MEND_APPLICATION=${IMAGE%/*}
+        echo "Application: ${MEND_APPLICATION}"
+
+        mend image "${IMAGE}" --scope "Vespa.ai//${MEND_APPLICATION}//${MEND_PROJECT}"