diff --git a/.github/workflows/container-scan.yml b/.github/workflows/container-scan.yml
index 022586a..3d0698c 100644
--- a/.github/workflows/container-scan.yml
+++ b/.github/workflows/container-scan.yml
@@ -8,6 +8,11 @@ jobs:
   container-scan:
     name: Container Scan
     runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      actions: read
+      contents: read
+
     steps:
       - name: Checkout code
         uses: actions/checkout@v4
@@ -20,11 +25,12 @@ jobs:
       - name: Run Trivy
         uses: aquasecurity/trivy-action@master
         with:
+          scan-type: image
           image-ref: 'githubexporter/github-exporter:${{ steps.get-current-version.outputs.version }}'
           format: 'sarif'
           output: 'trivy-results.sarif'
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: 'trivy-results.sarif'