diff --git a/.github/workflows/build-and-release.yaml b/.github/workflows/build-and-release.yaml
index 7f850cb4..00cffb13 100644
--- a/.github/workflows/build-and-release.yaml
+++ b/.github/workflows/build-and-release.yaml
@@ -183,14 +183,16 @@ jobs:
 cache-db: true
 image: "ghcr.io/${{ github.repository }}:${{ github.sha }}"
 output-file: grype.sarif
-severity-cutoff: critical # TODO: lower this once vulns are fixed
+severity-cutoff: high
 - name: Upload SARIF file
 uses: github/codeql-action/upload-sarif@e296a935590eb16afc0c0108289f68c87e2a89a5 # v4.30.7
 with:
 sarif_file: grype.sarif
 - name: Check success or failure
 if: ${{ steps.scan.outcome == 'failure' }}
-run: exit 1
+run: |-
+jq '.runs[0].results | map(select(.level == "error"))' grype.sarif
+exit 1
 - name: Push to registry (proper)
 if: ${{ inputs.push-container-image }}
diff --git a/Containerfile b/Containerfile
index 0c97c06a..5c30f14a 100644
--- a/Containerfile
+++ b/Containerfile
@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM alpine:3.22.1 AS build
+FROM --platform=$BUILDPLATFORM alpine:3.22.2 AS build
 ARG TARGETOS
 ARG TARGETARCH
@@ -6,7 +6,7 @@ COPY dist dist
 RUN cp dist/multigres-operator-${TARGETARCH}/multigres-operator-${TARGETARCH} multigres-operator
 RUN chmod +x multigres-operator
-FROM alpine:3.22.1
+FROM alpine:3.22.2
 COPY --from=build multigres-operator multigres-operator
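Review bot: The jq filter added to the `Check success or failure` step keeps only results whose `level` is `error`, so whether it actually lists the findings that tripped the new `severity-cutoff: high` depends on how grype maps `high` into SARIF levels; if `high` is emitted as `warning`, the step prints an empty list and exits 1 with no diagnostic, so confirm the mapping against a real failing run. Dumping the whole result objects is also noisy for a gate message; a one-line-per-finding form such as `jq -r '.runs[0].results // [] | map(select(.level == "error")) | .[] | "\(.ruleId): \(.message.text)"' grype.sarif` uses only standard SARIF fields and tolerates a missing `results` array. Unless the job overrides `shell`, the default `run` shell on Linux runners is `bash -eo pipefail`, so a jq error on an absent or malformed `grype.sarif` already fails the step before the explicit `exit 1` — acceptable for gating, but it hides a scan-infrastructure failure (for example a DB download error) behind what looks like a findings failure. The scan step with `id: scan`, and whatever `continue-on-error` or `fail-build` setting makes `steps.scan.outcome == 'failure'` reachable, sits outside the hunk and could not be checked here.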