diff --git a/.github/workflows/scan-docker-images.yml b/.github/workflows/scan-docker-images.yml
new file mode 100644
index 00000000000..86a9fccb459
--- /dev/null
+++ b/.github/workflows/scan-docker-images.yml
@@ -0,0 +1,50 @@
+---
+name: "Scan Docker images"
+
+on:
+  schedule:
+    - cron: "15 1 * * 0"
+
+jobs:
+  list-images:
+    runs-on: ubuntu-latest
+    outputs:
+      images: ${{ steps.get-images.outputs.result }}
+    steps:
+      - uses: actions/checkout@v3
+      - name: Parse image list
+        id: get-images
+        uses: mikefarah/yq@master
+        with:
+          cmd: yq -o=json '[with_entries(select(.key | test("_hashed$"))).[].new]' tools/scripts/bumpenvs.yaml
+  scan-images:
+    needs: list-images
+    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        image: ${{ fromJSON(needs.list-images.outputs.images) }}
+    steps:
+      - name: Free up some space
+        if: contains(matrix.image, 'cuda-11') || contains(matrix.image, 'rocm')
+        uses: jlumbroso/free-disk-space@main
+        with:
+          tool-cache: true
+      - name: Scan ${{ matrix.image }}
+        id: scan
+        continue-on-error: true
+        uses: anchore/scan-action@v3
+        with:
+          image: ${{ matrix.image }}
+          acs-report-enable: true
+          fail-build: true
+          severity-cutoff: high
+      - name: Print SARIF report for ${{ matrix.image }}
+        run: cat ${{ steps.scan.outputs.sarif }}
+      - name: Upload SARIF report for ${{ matrix.image }}
+        uses: github/codeql-action/upload-sarif@v2
+        with:
+          sarif_file: ${{ steps.scan.outputs.sarif }}
+      - name: Fail job if scan failed
+        if: steps.scan.outcome == 'failure'
+        run: exit 1
diff --git a/.grype.yaml b/.grype.yaml
new file mode 100644
index 00000000000..d6f9059e67e
--- /dev/null
+++ b/.grype.yaml
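Review bot: The `scan-images` job never checks out the repository, so the `.grype.yaml` ignore list added in this same commit is very likely not picked up: grype discovers `.grype.yaml` in the working directory, and only `list-images` runs `actions/checkout@v3`; every scan would then report the findings the config is meant to suppress, and `fail-build: true` would fail all of them. The workflow also declares no `permissions:` block, yet `github/codeql-action/upload-sarif@v2` needs `security-events: write`, so the upload step's success depends on the repository's default token permissions; declaring the minimal set explicitly is safer either way. Separately, `mikefarah/yq@master` and `jlumbroso/free-disk-space@main` are third-party actions referenced by mutable branch, which lets any push to those branches run arbitrary code in this workflow; pinning each `uses:` to a full commit SHA (with a version comment) removes that exposure.

```yaml
  scan-images:
    needs: list-images
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
    # … unchanged: strategy / matrix …
    steps:
      - uses: actions/checkout@v3
      # … unchanged: free-disk-space, scan, SARIF print/upload, fail step …
```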
@@ -0,0 +1,98 @@
+---
+ignore:
+  # These vulnerabilities are disputed or awaiting analysis by the NumPy, Scikit-learn, or Python communities
+  - vulnerability: CVE-2020-13092
+  - vulnerability: CVE-2021-41495
+  - vulnerability: CVE-2021-41496
+  - vulnerability: CVE-2015-20107
+
+  # These vulnerabilities pertain to the Docker engine (or proprietary distributions), but only the Python client is included in the images
+  - vulnerability: CVE-2017-7297
+  - vulnerability: CVE-2019-13139
+  - vulnerability: CVE-2019-13509
+  - vulnerability: CVE-2019-16884
+  - vulnerability: CVE-2019-5736
+
+# This vulnerability is fixed in JupyterLab 3.2.0, but was still flagged after we moved to that version
+  - vulnerability: CVE-2021-32797
+
+# These vulnerabilities are fixed in newer versions of TensorFlow, but not in 1.15 which is out of maintenance and no longer our default
+  - vulnerability: GHSA-2r8p-fg3c-wcj4
+  - vulnerability: GHSA-4xfp-4pfp-89wg
+  - vulnerability: GHSA-5xwc-mrhx-5g3m
+  - vulnerability: GHSA-6gv8-p3vj-pxvr
+  - vulnerability: GHSA-6p5r-g9mq-ggh2
+  - vulnerability: GHSA-7fvx-3jfc-2cpc
+  - vulnerability: GHSA-8pmx-p244-g88h
+  - vulnerability: GHSA-9c8h-vvrj-w2p8
+  - vulnerability: GHSA-c5x2-p679-95wc
+  - vulnerability: GHSA-c9qf-r67m-p7cg
+  - vulnerability: GHSA-cgfm-62j4-v4rf
+  - vulnerability: GHSA-cwv3-863g-39vx
+  - vulnerability: GHSA-f5cx-5wr3-5qrc
+  - vulnerability: GHSA-f8h4-7rgh-q2gm
+  - vulnerability: GHSA-fcwc-p4fc-c5cc
+  - vulnerability: GHSA-g25h-jr74-qp5j
+  - vulnerability: GHSA-g8wg-cjwc-xhhp
+  - vulnerability: GHSA-gh6x-4whr-2qv4
+  - vulnerability: GHSA-h4pc-gx2w-f2xv
+  - vulnerability: GHSA-hpv4-7p9c-mvfr
+  - vulnerability: GHSA-hwr7-8gxx-fj5p
+  - vulnerability: GHSA-jf7h-7m85-w2v2
+  - vulnerability: GHSA-m7fm-4jfh-jrg6
+  - vulnerability: GHSA-q3g3-h9r4-prrc
+  - vulnerability: GHSA-qr82-2c78-4m8h
+  - vulnerability: GHSA-r4c4-5fpq-56wg
+  - vulnerability: GHSA-r6jx-9g48-2r5r
+  - vulnerability: GHSA-v768-w7m9-2vmm
+  - vulnerability: GHSA-v82p-hv3v-p6qp
+  - vulnerability: GHSA-w4xf-2pqw-5mq7
+  - vulnerability: GHSA-w74j-v8xh-3w5h
+  - vulnerability: GHSA-wp77-4gmm-7cq8
+  - vulnerability: GHSA-374m-jm66-3vj8
+  - vulnerability: GHSA-3rcw-9p9x-582v
+  - vulnerability: GHSA-49rx-x2rw-pc6f
+  - vulnerability: GHSA-4f99-p9c2-3j8x
+  - vulnerability: GHSA-57wx-m983-2f88
+  - vulnerability: GHSA-7pxj-m4jf-r6h2
+  - vulnerability: GHSA-cqv6-3phm-hcwx
+  - vulnerability: GHSA-f54p-f6jp-4rhr
+  - vulnerability: GHSA-fr77-rrx3-cp7g
+  - vulnerability: GHSA-j86v-p27c-73fm
+  - vulnerability: GHSA-m342-ff57-4jcc
+  - vulnerability: GHSA-pgcq-h79j-2f69
+  - vulnerability: GHSA-rg3m-hqc5-344v
+  - vulnerability: GHSA-vwhq-49r4-gj9v
+
+# These vulnerabilities are fixed in newer versions of TensorFlow, but not in 2.4 which is out of maintenance and no longer our default
+  - vulnerability: GHSA-8jj7-5vxc-pg2q
+  - vulnerability: GHSA-98p5-x8x4-c9m5
+  - vulnerability: GHSA-9c78-vcq7-7vxq
+  - vulnerability: GHSA-9gwq-6cwj-47h3
+  - vulnerability: GHSA-c6fh-56w7-fvjw
+  - vulnerability: GHSA-h6gw-r52c-724r
+  - vulnerability: GHSA-pfjj-m3jj-9jc9
+  - vulnerability: GHSA-q85f-69q7-55h2
+  - vulnerability: GHSA-qx3f-p745-w4hr
+  - vulnerability: GHSA-vjg4-v33c-ggc4
+  - vulnerability: GHSA-wc4g-r73w-x8mm
+  - vulnerability: GHSA-23hm-7w47-xw72
+  - vulnerability: GHSA-247x-2f9f-5wp7
+  - vulnerability: GHSA-24x4-6qmh-88qg
+  - vulnerability: GHSA-43q8-3fv7-pr5x
+  - vulnerability: GHSA-44qp-9wwf-734r
+  - vulnerability: GHSA-4hvf-hxvg-f67v
+  - vulnerability: GHSA-5qw5-89mw-wcg2
+  - vulnerability: GHSA-6gmv-pjp9-p8w8
+  - vulnerability: GHSA-77gp-3h4r-6428
+
+# These vulnerabilities are found in ROCm-specific tools and will not be addressed at this time
+  - vulnerability: GHSA-47wv-vhj2-g66m
+  - vulnerability: GHSA-8c5j-9r9f-c6w8
+  - vulnerability: GHSA-53qw-q765-4fww
+  - vulnerability: GHSA-v6rh-hp5x-86rv
+  - vulnerability: GHSA-8vj2-vxx3-667w
+  - vulnerability: GHSA-9j59-75qj-795w
+  - vulnerability: GHSA-pw3c-h7wp-cvhx
+  - vulnerability: GHSA-p5w8-wqhj-9hhf
+  - vulnerability: GHSA-p737-p57g-4cpr
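Review bot: Every ignore rule in this file matches on `vulnerability:` alone, so each entry suppresses that ID for any package in any scanned image, not just the one the comment names; the Docker-engine CVEs would also be hidden if a vulnerable engine component ever landed in an image, and the TensorFlow 1.15/2.4 advisories would stay silenced after an upgrade to a version they actually affect. Grype ignore rules accept a `package:` qualifier, so scoping the justified entries restricts the suppression to the intended component, e.g. `- vulnerability: GHSA-2r8p-fg3c-wcj4` followed by `  package:` and `    name: tensorflow` (adding `version:` where the rationale is version-specific). The comments are also inconsistently indented: the first two sit at the list-item indent while the JupyterLab, TensorFlow and ROCm comments are at column 0 inside the same `ignore:` sequence; yamllint's `comments-indentation` rule will flag this, so align them all with the `- vulnerability:` items. Since the rationales live only in comments, a reviewer cannot tell from the scan output why a finding was suppressed; a dated review marker per group (for instance `# reviewed: <YYYY-MM-DD>`) would make it easier to revisit the disputed and "still flagged after fix" entries.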