diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 73d2f5f..6362ca1 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -78,6 +78,13 @@ jobs:
 
     - name: Scan image
       uses: anchore/scan-action@v3.2.0
+      id: scan
       with:
         image: "hipages/php-fpm_exporter:latest"
         fail-build: true
+        acs-report-enable: true
+
+    - name: Upload Anchore scan SARIF report
+      uses: github/codeql-action/upload-sarif@v1
+      with:
+        sarif_file: ${{ steps.scan.outputs.sarif }}