diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
new file mode 100644
index 000000000..d9b461518
--- /dev/null
+++ b/.github/workflows/trivy.yml
@@ -0,0 +1,41 @@
+name: "Container Scan"
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+  schedule:
+    - cron: '24 19 * * 3'
+jobs:
+  trivy:
+    name: Trivy
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@v2
+    - name: Check out code
+      uses: actions/checkout@v2
+    - uses: actions/setup-node@master
+      with:
+        node-version: 16.x
+    - run: npm install
+      working-directory: ./web
+    - name: Build web
+      run: npm run build
+      working-directory: ./web
+    - name: Set up QEMU
+      uses: docker/setup-qemu-action@v1
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v1
+    - name: Build
+      run: make
+    - name: Run Trivy vulnerability scanner
+      uses: aquasecurity/trivy-action@master
+      with:
+        image-ref: 'frigate:latest'
+        format: 'sarif'
+        output: 'trivy-results.sarif'
+    - name: Upload Trivy scan results to GitHub Security tab
+      uses: github/codeql-action/upload-sarif@v2
+      if: always()
+      with:
+        sarif_file: 'trivy-results.sarif'
\ No newline at end of file