diff --git a/.github/workflows/ghcr_push_nightly.yml b/.github/workflows/ghcr_push_nightly.yml
index 1a82f997e56..377fad6e56f 100644
--- a/.github/workflows/ghcr_push_nightly.yml
+++ b/.github/workflows/ghcr_push_nightly.yml
@@ -41,21 +41,21 @@ jobs:
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- - name: Build images
+ - name: Build container images
run: mvn -Pct package -Dct.build.tag="${IMAGE_TAG}" -Dct.build.registry="${REGISTRY}"
- - name: Scan Dataverse image
- id: scan
- uses: anchore/scan-action@v2
+ - name: Scan Dataverse Container Image for vulnerabilities
+ # https://github.com/aquasecurity/trivy-action
+ uses: aquasecurity/trivy-action@master
with:
- image: "${{ env.REGISTRY }}/gdcc/dataverse-k8s:${{ env.IMAGE_TAG }}"
- # fail-build: true
- severity-cutoff: critical
- acs-report-enable: true
- - name: upload Anchore scan SARIF report
+ image-ref: '${{ env.REGISTRY }}/gdcc/dataverse-k8s:${{ env.IMAGE_TAG }}'
+ format: 'template'
+ template: '@/contrib/sarif.tpl'
+ output: 'trivy-results.sarif'
+ - name: Upload scan results as SARIF report to GitHub Security Tab
uses: github/codeql-action/upload-sarif@v1
with:
- sarif_file: ${{ steps.scan.outputs.sarif }}
+ sarif_file: 'trivy-results.sarif'
- name: Log in to the Container registry
uses: docker/login-action@v1
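Review bot: `uses: aquasecurity/trivy-action@master` in the new scan step tracks a mutable branch, so whatever lands on that branch next runs inside this job with the workflow's token and access to the freshly built image, whereas the step it replaces was at least pinned to a tag (`anchore/scan-action@v2`). Pin it to a release tag or, better, a full commit SHA with the version noted alongside, e.g. `uses: aquasecurity/trivy-action@<full-commit-sha>  # <release-tag>` (placeholders), and the bare URL comment above it can carry that pin note. The replacement also drops the previous `severity-cutoff: critical`, and trivy-action only reports by default, so the step can no longer gate the build on findings even in principle; if report-only is the intent, state it in a comment on the step, otherwise add `severity:` and `exit-code: '1'` inputs. Whether the job still grants `upload-sarif@v1` the `security-events: write` permission it needs cannot be seen from this hunk.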