diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 30589a1..4398950 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -30,22 +30,32 @@ jobs: id: get_version run: echo ::set-output name=VERSION::${GITHUB_REF/refs\/tags\//} - - name: Create Release - uses: actions/create-release@v1 - env: - GITHUB_TOKEN: ${{ github.token }} + - name: Publish docker image locally for Snyk action + run: make docker-build + + - name: Run Snyk to monitor vulnerabilities in Docker image + uses: snyk/actions/docker@master + if: ${{ !contains(github.ref, 'rc') }} with: - tag_name: ${{ steps.get_version.outputs.VERSION }} - release_name: Version ${{ steps.get_version.outputs.VERSION }} - draft: false - prerelease: false + image: "snowplow/dataflow-runner:${{ github.ref_name }}" + args: "--app-vulns --org=data-processing-new" + command: monitor + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} - - name: Upload release binaries - uses: alexellis/upload-assets@0.2.3 + - name: Create GitHub release and attach artifacts + uses: softprops/action-gh-release@v1 env: - GITHUB_TOKEN: ${{ github.token }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: - asset_paths: '["./build/bin/*.zip"]' + draft: true + prerelease: ${{ contains(github.ref , '-') }} + name: Version ${{ github.ref_name }} + tag_name: ${{ github.ref_name }} + files: | + build/bin/dataflow_runner_${{ github.ref_name }}_darwin_amd64.zip + build/bin/dataflow_runner_${{ github.ref_name }}_linux_amd64.zip + build/bin/dataflow_runner_${{ github.ref_name }}_windows_amd64.zip - name: Set up QEMU uses: docker/setup-qemu-action@v2 diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6723472..cc72ca4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
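Review bot: The new steps reference `snyk/actions/docker@master` and `softprops/action-gh-release@v1`, both mutable refs, and each step is handed a credential (`SNYK_TOKEN`, and `GITHUB_TOKEN` for creating the release), so whatever those refs resolve to at run time executes in the release job with those secrets. Pin each to a full commit SHA with the tag kept as a comment, e.g. `uses: snyk/actions/docker@<full-commit-sha>  # <release-tag>`; the same applies to `snyk/actions/setup@master` in the ci.yml hunk. Separately, `if: ${{ !contains(github.ref, 'rc') }}` is a substring match over the whole ref while `prerelease` keys on `-`, so the two conditions can disagree about which tags are pre-releases and a tag that merely contains "rc" would skip the Snyk monitor step. The job header and any `permissions:` block are outside this hunk, so it is worth confirming the token is limited to `contents: write` there.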
@@ -33,7 +33,23 @@ jobs: - name: Checkout code uses: actions/checkout@v2 + - name: Extract project version from file + id: version + run: | + echo ::set-output name=VERSION::"$(cat VERSION)" + - name: Run tests run: | export PATH="$PATH:/tmp/consul/" make test + + - name: Publish docker image locally for Snyk action + run: make docker-build + + - name: Snyk Setup + uses: snyk/actions/setup@master + + - name: Run Snyk to check for vulnerabilities in Docker image + run: snyk container test snowplow/dataflow-runner:${{steps.version.outputs.VERSION}} --severity-threshold=high + env: + SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} diff --git a/.github/workflows/snyk.yml b/.github/workflows/snyk.yml deleted file mode 100644 index 065825c..0000000 --- a/.github/workflows/snyk.yml +++ /dev/null @@ -1,20 +0,0 @@ -name: snyk - -on: - push: - branches: [ master ] - -jobs: - security: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: Run Snyk to check for vulnerabilities - uses: snyk/actions/golang@master - with: - command: monitor - args: --prune-repeated-subdependencies --project-name=dataflow-runner - env: - SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }} \ No newline at end of file diff --git a/CHANGELOG b/CHANGELOG index 7a33891..ac37948 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +Version 0.7.4 (2023-12-01) +-------------------------- +Bump alpine version to 3.18.5 (#91) +Scan Docker images in Snyk Github action (#90) + Version 0.7.3 (2022-10-27) -------------------------- Bump golang to 1.19.2 (#89) diff --git a/Dockerfile b/Dockerfile index 66851d6..d0aced5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM alpine:3.16.2 +FROM alpine:3.18.5 LABEL maintainer="Snowplow Analytics " diff --git a/README.md b/README.md index feceeb4..57aff3f 100644 --- a/README.md +++ b/README.md 
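Review bot: The `snyk container test` step splices `${{steps.version.outputs.VERSION}}` directly into the shell script, and that value is the content of the `VERSION` file from the checked-out tree, so a change to that file alters the command line of a step that has `SNYK_TOKEN` in its environment. Pass the value through the environment instead: add `IMAGE_VERSION: ${{ steps.version.outputs.VERSION }}` under `env:` and run `snyk container test "snowplow/dataflow-runner:${IMAGE_VERSION}" --severity-threshold=high`. The `::set-output` workflow command used in the version step is deprecated; `echo "VERSION=$(cat VERSION)" >> "$GITHUB_OUTPUT"` is the replacement. The workflow's `on:` trigger is outside the hunk; if it runs for pull requests from forks, `SNYK_TOKEN` will presumably be empty there and the scan step will fail, so it may need an `if:` guard.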
@@ -21,7 +21,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. -[release-image]: https://img.shields.io/badge/release-0.7.3-6ad7e5.svg?style=flat +[release-image]: https://img.shields.io/badge/release-0.7.4-6ad7e5.svg?style=flat [releases]: https://github.com/snowplow/dataflow-runner/releases [license-image]: https://img.shields.io/badge/license-Apache--2-blue.svg?style=flat diff --git a/VERSION b/VERSION index f38fc53..0a1ffad 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.7.3 +0.7.4 diff --git a/src/main.go b/src/main.go index c7c26b5..81c299e 100644 --- a/src/main.go +++ b/src/main.go @@ -38,7 +38,7 @@ const ( appName = "dataflow-runner" appUsage = "Run templatable playbooks of Hadoop/Spark/et al jobs on Amazon EMR" appCopyright = "(c) 2016-2022 Snowplow Analytics Ltd" - cliVersion = "0.7.3" + cliVersion = "0.7.4" varDelim = "," fEmrConfig = "emr-config" fEmrPlaybook = "emr-playbook"