diff --git a/.github/workflows/integrate.yaml b/.github/workflows/integrate.yaml index a95b74a..3fceefd 100644 --- a/.github/workflows/integrate.yaml +++ b/.github/workflows/integrate.yaml @@ -67,10 +67,20 @@ jobs: - name: Check coverage run: make coverage - test-build: + test-docker: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + - name: Install latest Docker + run: | + curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add - + sudo add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" + sudo apt-get update + sudo apt-get install docker-ce + - name: Build Docker image run: make docker-build + + - name: Scan Docker image for vulnerabilities + run: make docker-scan diff --git a/Makefile b/Makefile index f9842a9..f701ff1 100644 --- a/Makefile +++ b/Makefile @@ -1,3 +1,5 @@ +IMAGE ?= openrca/orca + .PHONY: format format: @tox -e test-tools -- black . @@ -20,4 +22,8 @@ coverage: .PHONY: docker-build docker-build: - @docker build . -f Dockerfile -t openrca/orca + @docker build . -f Dockerfile -t $(IMAGE) + +.PHONY: docker-scan +docker-scan: + @docker scan --accept-license --file Dockerfile --dependency-tree $(IMAGE)
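Review bot: The new "Install latest Docker" step pipes the downloaded key straight into `apt-key add -`, which is deprecated and places the key in apt's global trusted keyring, so it is trusted for every configured repository rather than only Docker's. The key is also never compared against the fingerprint Docker publishes, so the step trusts whatever the download returns. A dedicated keyring referenced with `signed-by` scopes the key to this one source, as sketched below. Separately, `sudo apt-get install docker-ce` has no `-y`, and in a non-interactive runner it will likely abort at the confirmation prompt. The `jobs:` mapping and the earlier steps of this job start above the hunk.

```yaml
      - name: Install latest Docker
        run: |
          # Keep the Docker key in its own keyring instead of apt's global trust store.
          sudo install -m 0755 -d /etc/apt/keyrings
          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
          # signed-by limits this key to the Docker repository only.
          echo "deb [arch=amd64 signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
          sudo apt-get update
          sudo apt-get install -y docker-ce
      # … unchanged: Build Docker image / Scan Docker image steps …
```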
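Review bot: The new `docker-scan` recipe runs `docker scan` with no authentication, and no login step appears anywhere in this diff. As far as I know the Snyk-backed plugin needs a Docker Hub login or a Snyk token, so the CI job will probably fail for reasons unrelated to the image, and pull requests from forks would not receive such a secret at all. The recipe also sets no `--severity` threshold, so what blocks a merge is left to the tool's default exit behaviour; stating the policy makes the gate reviewable, e.g. `@docker scan --accept-license --severity high --file Dockerfile $(IMAGE)`. In both recipes `$(IMAGE)` reaches the shell unquoted although `?=` lets the environment override it, so `"$(IMAGE)"` is a cheap hardening. `IMAGE ?= openrca/orca` also carries no tag, so build and scan both rely on an implicit `latest`.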