diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 206925b..56ce360 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -50,7 +50,10 @@ jobs:
 id: scan
 with:
 sbom: sbom.spdx.json
+ severity-cutoff: high
 fail-build: false
+ only-fixed: true
+ by-cve: true
 - name: upload Anchore scan SARIF report
 uses: github/codeql-action/upload-sarif@v2
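Review bot: With `fail-build: false` left unchanged, the added `severity-cutoff: high` does not gate anything: the step still succeeds on high and critical findings, so the cutoff at most changes how results are reported. If the intent is to block on high-severity issues, change it to `fail-build: true`. The added `only-fixed: true` drops every vulnerability that has no fix available, presumably also from the SARIF uploaded in the next step, so unfixed high or critical issues would no longer appear in code scanning. If that trade-off is deliberate, record it above the inputs, e.g. `# only-fixed hides CVEs without a fix from the SARIF report; track those separately`. The step's own `uses:` line is above the hunk, so whether the pinned scan action version supports `only-fixed` and `by-cve` cannot be confirmed from here.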