diff --git a/.github/workflows/push_docker.yml b/.github/workflows/publish_image.yml
similarity index 98%
rename from .github/workflows/push_docker.yml
rename to .github/workflows/publish_image.yml
index df3dd4f..eb6f844 100644
--- a/.github/workflows/push_docker.yml
+++ b/.github/workflows/publish_image.yml
@@ -1,4 +1,4 @@
-name: Publish Docker Image
+name: Publish Image to Docker
 on:
   push:
diff --git a/.github/workflows/publish_image_on_push.yml b/.github/workflows/publish_image_on_push.yml
new file mode 100644
index 0000000..6430667
--- /dev/null
+++ b/.github/workflows/publish_image_on_push.yml
@@ -0,0 +1,24 @@
+name: Publish Image to GHCR on push
+
+on:
+  push:
+    branches-ignore:
+      - main
+
+jobs:
+  build_image_on_push:
+    name: "Publish image and scan with trivy"
+    if: ${{ github.event_name == 'push' }}
+    permissions:
+      packages: write
+      security-events: write
+      contents: read
+    uses: dBildungsplattform/dbp-github-workflows/.github/workflows/image-publish-trivy.yaml@5.0.1
+    with:
+      image_name: "schulcloud-nextcloud"
+      run_trivy_scan: true
+      image_tag_generation: 'ticket_from_branch'
+      container_registry: "ghcr.io"
+      fail_on_vulnerabilites: true
+      report_location: "Dockerfile"
+      target: "production"
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index c4e2948..42622e3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:1
-FROM nextcloud:26.0.8 AS base
+FROM nextcloud:27.1.6 AS base
 USER root
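Review bot: The reusable workflow in the new `publish_image_on_push.yml` is referenced by the mutable tag `@5.0.1`, so whatever that tag points to later runs with `packages: write` and `security-events: write` in this repository; pin it to a full commit SHA and keep the version as a comment, e.g. `uses: dBildungsplattform/dbp-github-workflows/.github/workflows/image-publish-trivy.yaml@<full-commit-sha>  # 5.0.1`. The input key `fail_on_vulnerabilites` looks misspelled; if the referenced workflow declares it as `fail_on_vulnerabilities`, the job is rejected at validation time because reusable workflows do not accept undeclared inputs, so the name should be checked against that workflow's `inputs` block. The condition `if: ${{ github.event_name == 'push' }}` is redundant, since `push` is the only trigger the file declares. The file also ends without a trailing newline.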