diff --git a/.github/workflows/container-scan.yml b/.github/workflows/container-scan.yml
new file mode 100644
index 0000000..48b7147
--- /dev/null
+++ b/.github/workflows/container-scan.yml
@@ -0,0 +1,33 @@
+name: container-scan
+on:
+  push:
+    branches:
+      - main
+  pull_request:
+jobs:
+  container-scan:
+    name: Container Scan
+    runs-on: docker
+    container:
+      image: node:20-bullseye
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Install Docker
+        run: |
+          apt-get update
+          apt-get install -y docker.io
+          rm -rf /var/lib/apt/lists/*
+      - name: Build an image from Dockerfile
+        run: docker build -t git.dominikstahl.dev/dhbw-we/meetup:${{ github.sha }} .
+      - name: Install Trivy
+        run: |
+          curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b /usr/local/bin v0.61.0
+      - name: Run Trivy vulnerability scanner
+        run: |
+          trivy image --exit-code 1 --severity HIGH,CRITICAL,MEDIUM --ignore-unfixed --no-progress --format table git.dominikstahl.dev/dhbw-we/meetup:${{ github.sha }}
+          trivy image --exit-code 1 --severity HIGH,CRITICAL,MEDIUM --ignore-unfixed --no-progress --format json git.dominikstahl.dev/dhbw-we/meetup:${{ github.sha }} > trivy-report.json
+      - name: Upload Trivy report
+        uses: forgejo/upload-artifact@v4
+        with:
+          path: trivy-report.json