diff --git a/.forgejo/workflows/docker-build.yml b/.forgejo/workflows/docker-build.yml index 615da18..b13214f 100644 --- a/.forgejo/workflows/docker-build.yml +++ b/.forgejo/workflows/docker-build.yml @@ -11,6 +11,7 @@ env: FORGEJO_HOST: code.zeidler.dev HELM_EXPERIMENTAL_OCI: 1 TRIVY_IMAGE: registry.zeidler.dev/docker-hub/aquasec/trivy:0.70.0 + GRYPE_IMAGE: registry.zeidler.dev/docker-hub/anchore/grype:v0.88.0 jobs: check-docker: @@ -61,7 +62,7 @@ jobs: --format cyclonedx --output /output/sbom-proxy.cdx.json \ scan/proxy:latest - - name: Scan proxy image + - name: Scan proxy image (Trivy) run: | docker run --rm \ -v /var/run/docker.sock:/var/run/docker.sock \ @@ -71,6 +72,15 @@ jobs: --format table \ scan/proxy:latest + - name: Scan proxy image (Grype) + run: | + docker run --rm \ + -v /var/run/docker.sock:/var/run/docker.sock \ + ${{ env.GRYPE_IMAGE }} \ + docker:scan/proxy:latest \ + --fail-on high \ + --only-fixed + - name: Build claude image for scanning run: docker build -t scan/claude:latest ./claude @@ -84,7 +94,7 @@ jobs: --format cyclonedx --output /output/sbom-claude.cdx.json \ scan/claude:latest - - name: Scan claude image + - name: Scan claude image (Trivy) run: | docker run --rm \ -v /var/run/docker.sock:/var/run/docker.sock \ @@ -94,6 +104,15 @@ jobs: --format table \ scan/claude:latest + - name: Scan claude image (Grype) + run: | + docker run --rm \ + -v /var/run/docker.sock:/var/run/docker.sock \ + ${{ env.GRYPE_IMAGE }} \ + docker:scan/claude:latest \ + --fail-on high \ + --only-fixed + - name: Upload SBOMs if: always() uses: actions/upload-artifact@v4
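Review bot: The new `GRYPE_IMAGE` is pinned by a mutable tag (`v0.88.0`) rather than an immutable digest, and the steps that consume it mount `/var/run/docker.sock` into the scanner container, so anyone able to move that tag upstream or in the `docker-hub` proxy cache effectively gets root on the runner. Pin the scanner by digest, e.g. `GRYPE_IMAGE: registry.zeidler.dev/docker-hub/anchore/grype:v0.88.0@sha256:<digest of the verified image>`, and apply the same to `TRIVY_IMAGE` on the line above for consistency. The `env:` mapping begins before this hunk.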
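Review bot: The Grype step re-inspects the image through the Docker socket even though an SBOM for that same image was written to `/output/sbom-proxy.cdx.json` two steps earlier; pointing Grype at the SBOM (`sbom:/output/sbom-proxy.cdx.json` in place of `docker:scan/proxy:latest`, mounting whatever `/output` volume the SBOM step presumably uses) would run the second scanner without daemon access and guarantee both tools judge the identical package list. Separately, `--fail-on high --only-fixed` means a critical finding with no upstream fix never fails the job; if that is deliberate, record it above the step, e.g. `# Unfixed findings are informational only; fixed high/critical fail the build`. Grype also fetches its vulnerability DB on every run unless a cache directory is mounted, which is worth checking if the runner's egress is restricted, as the use of a registry proxy suggests it may be. The enclosing job definition starts outside this hunk.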
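Review bot: This Grype step is a line-for-line copy of the proxy one apart from the image name, and like it writes findings only to the job log, while the SBOMs are preserved as artifacts by the `Upload SBOMs` step that follows. For an auditable record of what was scanned and what was found, emit a machine-readable report next to the SBOM, e.g. `-o json --file /output/grype-claude.json` (assuming the `/output` volume the SBOM steps appear to use is mounted here as well), and include it in the upload; `if: always()` on that step already ensures the report is collected when the scan fails the job. If further images are added, a job matrix over `proxy`/`claude` would remove the duplicated build, SBOM and scan blocks. The steps list continues outside this hunk.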