diff --git a/.github/workflows/cve-scan.yaml b/.github/workflows/cve-scan.yaml
index c6ec0a60..bb723f54 100644
--- a/.github/workflows/cve-scan.yaml
+++ b/.github/workflows/cve-scan.yaml
@@ -26,8 +26,15 @@ jobs:
 DOCKER_BUILDKIT=1 docker build -f .docker/Dockerfile-alpine -t oryd/ory:test-vulns .
 rm ory
 - name: Scan image
+ id: scan
 uses: anchore/scan-action@v3
 with:
 image: oryd/ory:test-vulns
 fail-build: true
 severity-cutoff: high
+ - name: Inspect action SARIF report
+ run: cat ${{ steps.scan.outputs.sarif }}
+ - name: Upload Anchore scan SARIF report
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: ${{ steps.scan.outputs.sarif }}
\ No newline at end of file
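Review bot: With `fail-build: true` on the scan step, any finding at or above the `high` cutoff fails that step and the two new steps after it are skipped, so the SARIF report is uploaded only when the scan is clean — exactly the runs where it carries nothing worth seeing. Add `if: always()` (or `if: ${{ !cancelled() }}`) to both `Inspect action SARIF report` and `Upload Anchore scan SARIF report` so the report still reaches the code-scanning view on a failing scan. `upload-sarif` also requires `security-events: write` in the job or workflow `permissions:`; that block is outside this hunk, so confirm it is granted or the upload will be rejected. The `cat` of the report is debug noise in the job log and could be dropped, or replaced with an artifact upload if the raw file is wanted. The `jobs:` block continues outside the hunk.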