diff --git a/.github/workflows/callable-grype-scan.yaml b/.github/workflows/callable-grype-scan.yaml
new file mode 100644
index 00000000..bfa0d3d8
--- /dev/null
+++ b/.github/workflows/callable-grype-scan.yaml
@@ -0,0 +1,48 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+name: Grype Scan
+
+on:
+  # This allows other repositories to call this workflow in a reusable way
+  workflow_call:
+    inputs:
+      zarf_yaml:
+        type: string
+        default: zarf.yaml
+        description: location of zarf.yaml file to scan
+
+# Permissions for the GITHUB_TOKEN used by the workflow.
+permissions:
+  contents: read # Allows reading the content of the repository.
+
+jobs:
+  run:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read # Allows reading the repo contents
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+
+      - name: Install UDS CLI
+        uses: defenseunicorns/setup-uds@b987a32bac3baeb67bfb08f5e1544e2f9076ee8a # v1.0.0
+        with:
+          # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+          version: v0.19.2
+
+      - name: run grype scan
+        id: scan
+        run: |
+          OUTPUT_DIR=$(mktemp -d)
+          uds run grype:scan --no-progress --set OUTPUT_DIR="${OUTPUT_DIR}" --set ZARF_YAML="${{inputs.zarf_yaml}}"
+          echo "output_dir=${OUTPUT_DIR}" > "$GITHUB_OUTPUT"
+
+      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        with:
+          name: grype-scans
+          path: ${{ steps.scan.outputs.output_dir }}
+          retention-days: 30
diff --git a/tasks.yaml b/tasks.yaml
index ac4ca92a..68461dc2 100644
--- a/tasks.yaml
+++ b/tasks.yaml
@@ -5,6 +5,7 @@ includes:
   - setup: ./tasks/setup.yaml
   - create: ./tasks/create.yaml
   - deploy: ./tasks/deploy.yaml
+  - grype: ./tasks/grype.yaml
   - lint: ./tasks/lint.yaml
   - publish: ./tasks/publish.yaml
   - pull: ./tasks/pull.yaml
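Review bot: The `run grype scan` step pastes the workflow input straight into the shell script text via `--set ZARF_YAML="${{inputs.zarf_yaml}}"`, so a value containing a quote or shell metacharacters is interpreted by bash rather than passed as data; since `workflow_call` inputs are set by whichever repository invokes this workflow, the value should reach the script through the environment instead. Add `env:` to the step with `ZARF_YAML: ${{ inputs.zarf_yaml }}` and change the flag to `--set ZARF_YAML="${ZARF_YAML}"`. The `actions/upload-artifact` step has no `if: always()`, so when `uds run grype:scan` exits non-zero the partially written reports in `OUTPUT_DIR` are never uploaded, which is exactly the case where they are most useful for triage. `fetch-depth: 0` fetches the full history although only `zarf.yaml` in the working tree is read; unless callers rely on it, the default depth is sufficient.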
diff --git a/tasks/README.md b/tasks/README.md
index 5940c656..15dd0a53 100644
--- a/tasks/README.md
+++ b/tasks/README.md
@@ -116,9 +116,16 @@ There are multiple task files available in this repository with different object
 | **debug-output** | Print debug output from a k8s cluster |
 | **clean-gh-runner** | Cleanup unneeded files to free space on a GitHub runner |
 | **install-deps** | Install the runner dependencies for testing UDS Packages |
+| **install-grype** | Install the grype for vulnerability scanning |
 | **save-logs** | Save Pod and Node logs from a cluster and fix permissions |
 | **setup-environment** | Setup the runner environment for testing UDS Packages |
 | **test-deploy** | Test a deployment of a UDS package/bundle |
 | **verify-badge** | Perform verification to assist with UDS badge certification |
 | **determine-arch** | Determine the architecture of the current machine |
 | **registry-login** | Log in to an OCI registry |
+
+### [grype.yaml](./tasks/grype.yaml)
+
+| Name | Description |
+|------|-------------|
+| **scan** | Execute grype scan on container images in zarf.yaml |
diff --git a/tasks/actions.yaml b/tasks/actions.yaml
index 6464cf88..e951e5c5 100644
--- a/tasks/actions.yaml
+++ b/tasks/actions.yaml
@@ -138,6 +138,20 @@ tasks:
             "https://github.com/defenseunicorns/uds-releaser/releases/download/${UDS_RELEASER_VERSION}/uds-releaser_${UDS_RELEASER_VERSION}_$(uname -s)_${{ .variables.ARCH }}" \
             && chmod +x /usr/local/bin/uds-releaser
 
+  - name: install-grype
+    description: Install the grype for vulnerability scanning
+    actions:
+      - task: determine-arch
+      - description: Install Grype
+        env:
+          # renovate: datasource=github-tags depName=anchore/grype versioning=semver
+          - GRYPE_VERSION=v0.85.0
+        cmd: |
+          trimmed_version=$(echo "${GRYPE_VERSION}" | sed 's/v//')
+          curl -sL "https://github.com/anchore/grype/releases/download/${GRYPE_VERSION}/grype_${trimmed_version}_$(uname -s)_${{ .variables.ARCH }}.tar.gz" -o - \
+            | tar -zOx grype > /usr/local/bin/grype
+          chmod +x /usr/local/bin/grype
+
   - name: authenticate-registries
     description: Log in to the registries for testing and publishing UDS Packages
     actions:
diff --git a/tasks/grype.yaml b/tasks/grype.yaml
new file mode 100644
index 00000000..cb76db73
--- /dev/null
+++ b/tasks/grype.yaml
@@ -0,0 +1,29 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+includes:
+  - actions: ./actions.yaml
+
+variables:
+  - name: OUTPUT_DIR
+    default: scans
+  - name: ZARF_YAML
+    default: zarf.yaml
+
+tasks:
+  - name: scan
+    description: Execute grype scan on container images in zarf.yaml
+    actions:
+      - task: actions:install-grype
+
+      - description: Run grype scan against zarf.yaml components.*.images
+        cmd: |
+          CONTAINER_IMAGES=$(./uds zarf tools yq -r '[.components.[].images] | flatten | .[]' "${ZARF_YAML}" | grep -ve '.sig' | grep -ve '.att')
+          for image in $CONTAINER_IMAGES; do
+            filename=$(echo "${image}" | sed 's%/%_%g' | sed 's%:%-%g')
+            output_file="${OUTPUT_DIR}/$(unknown)".json
+
+            grype -q "${image}" -o json > "${output_file}"
+
+            ./uds zarf tools yq "${output_file}"
+          done
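Review bot: The `Install Grype` action in `install-grype` pipes a `curl -sL` download straight into `/usr/local/bin/grype` with no integrity check, and `curl` lacks `-f`, so an HTTP error body (a 404 page for a retired release, for instance) is handed to `tar` instead of failing the step. The version is pinned, but a release tag can be moved; downloading to a temp directory and verifying the archive against the checksums asset the release publishes (goreleaser-style `grype_<version>_checksums.txt` — confirm the exact asset name on the release page) before extracting catches both a tampered archive and a wrong asset, and pinning the expected digest in the task next to `GRYPE_VERSION` would go further still. `trimmed_version=$(echo "${GRYPE_VERSION}" | sed 's/v//')` strips the first `v` anywhere in the string, whereas `${GRYPE_VERSION#v}` removes only a leading one. The rewritten `cmd` is below; the enclosing `tasks:` list begins outside the hunk.

```yaml
      - description: Install Grype
        # … unchanged: env with the renovate-managed GRYPE_VERSION …
        cmd: |
          trimmed_version="${GRYPE_VERSION#v}"
          archive="grype_${trimmed_version}_$(uname -s)_${{ .variables.ARCH }}.tar.gz"
          base_url="https://github.com/anchore/grype/releases/download/${GRYPE_VERSION}"
          tmp_dir=$(mktemp -d)
          curl -fsSL "${base_url}/${archive}" -o "${tmp_dir}/${archive}"
          curl -fsSL "${base_url}/grype_${trimmed_version}_checksums.txt" -o "${tmp_dir}/checksums.txt"
          (cd "${tmp_dir}" && grep " ${archive}$" checksums.txt | sha256sum -c -)
          tar -zxOf "${tmp_dir}/${archive}" grype > /usr/local/bin/grype
          chmod +x /usr/local/bin/grype
          rm -rf "${tmp_dir}"
```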
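Review bot: In the `scan` task's loop, `output_file="${OUTPUT_DIR}/$(unknown)".json` derives the report path from the output of a command called `unknown` instead of the `filename` computed on the line above; as written, every image's report resolves to the same `${OUTPUT_DIR}/.json` path and each iteration overwrites the previous one, so the `grype-scans` artifact uploaded by the callable workflow carries only the last image's findings. It should read `output_file="${OUTPUT_DIR}/${filename}.json"`, and a `mkdir -p "${OUTPUT_DIR}"` before the loop is needed for the default `OUTPUT_DIR` of `scans`, which nothing creates (the workflow supplies an existing `mktemp -d` directory, which masks this when called from CI). The filters `grep -ve '.sig'` and `grep -ve '.att'` use unescaped dots that match any character, so an image whose name contains `attest` or `design` is silently dropped from the scan; anchoring them, `grep -v -e '\.sig$' -e '\.att$'`, limits the exclusion to the signature and attestation references they appear intended for. Whether a failing `grype -q` stops the loop depends on how uds-cli runs `cmd` blocks (`set -e` or not) — worth confirming, since a silently skipped image means a missing report rather than a failed scan.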