diff --git a/Dockerfile b/Dockerfile
index bbd6b914..f4b0622e 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -12,7 +12,7 @@ RUN CGO_ENABLED=0 make local build
 
 # Choose alpine as a base image to make this useful for CI, as many
 # CI tools expect an interactive shell inside the container
-FROM alpine:3.12 as production
+FROM alpine:3.12.3 as production
 
 COPY --from=builder /go/src/mikefarah/yq/yq /usr/bin/yq
 RUN chmod +x /usr/bin/yq
diff --git a/scripts/publish-docker.sh b/scripts/publish-docker.sh
index 315eb197..3a2c67a5 100755
--- a/scripts/publish-docker.sh
+++ b/scripts/publish-docker.sh
@@ -6,4 +6,6 @@ docker build \
   --build-arg VERSION=${VERSION} \
   -t mikefarah/yq:latest \
   -t mikefarah/yq:${VERSION} \
-  .
\ No newline at end of file
+  .
+
+trivy image mikefarah/yq:${VERSION}
\ No newline at end of file