diff --git a/.github/workflows/scan-vulnerability.yaml b/.github/workflows/scan-vulnerability.yaml
index 88108788..a8751a26 100644
--- a/.github/workflows/scan-vulnerability.yaml
+++ b/.github/workflows/scan-vulnerability.yaml
@@ -32,3 +32,8 @@ jobs:
 - name: Scan the repository for vulnerabilities
 run: |
 uds run vuln-check:grype-scan-sbom
+
+ - name: Upload SARIF files
+ uses: github/codeql-action/upload-sarif@v1
+ with:
+ sarif_file: 'sarif/*.sarif'
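Review bot: The new upload step references `github/codeql-action/upload-sarif@v1`, a major version GitHub has deprecated and a mutable tag. An action that runs with the job token is better pinned to a full commit SHA of a supported release, e.g. `uses: github/codeql-action/upload-sarif@<full-commit-sha>  # v3`. The `sarif_file` input is documented as a file or a directory, so the glob `'sarif/*.sarif'` may not be expanded, and `sarif_file: sarif` is the safer form. If the grype step exits non-zero on findings, this step is skipped exactly when there are results to publish, so `if: always()` on the step is probably wanted. The job's `permissions` block is outside the hunk, and the upload needs `security-events: write`, so confirm it is granted there.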