diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml
index 0875e53..223b876 100644
--- a/.github/workflows/pr-build.yml
+++ b/.github/workflows/pr-build.yml
@@ -33,6 +33,26 @@ jobs:
         uses: hypertrace/github-actions/gradle@main
         with: 
           args: build dockerBuildImages
+      
+      - name: Determine docker tag
+        id: tag
+        run: echo ::set-output name=tag::$(./gradlew -q printDockerImageDefaultTag | head -1)
+
+      - name: Scan docker image
+        uses: azure/container-scan@v0.1
+        with:
+          image-name: hypertrace/pinot:${{ steps.tag.outputs.tag }}
+        env:
+          DOCKLE_HOST: "unix:///var/run/docker.sock"
+        continue-on-error: true
+
+      - name: Scan docker image
+        uses: azure/container-scan@v0.1
+        with:
+          image-name: hypertrace/pinot-servicemanager:${{ steps.tag.outputs.tag }}
+        env:
+          DOCKLE_HOST: "unix:///var/run/docker.sock"
+        continue-on-error: true
 
   validate-helm-charts:
     runs-on: ubuntu-20.04
diff --git a/build.gradle.kts b/build.gradle.kts
index bbf44fe..63fc5bd 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -1,7 +1,7 @@
 plugins {
   id("org.hypertrace.repository-plugin") version "0.4.0"
-  id("org.hypertrace.docker-plugin") version "0.9.0"
-  id("org.hypertrace.docker-publish-plugin") version "0.9.0"
+  id("org.hypertrace.docker-plugin") version "0.9.4"
+  id("org.hypertrace.docker-publish-plugin") version "0.9.4"
 }
 
 hypertraceDocker {