diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index 7d172a9..c9211d7 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -10,6 +10,9 @@ jobs:
     name: Scan current image & report results
     runs-on: "ubuntu-20.04"
     steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
       - name: Run Trivy vulnerability scanner
         uses: aquasecurity/trivy-action@master
         with: