diff --git a/.github/actions/build-image/action.yaml b/.github/actions/build-image/action.yaml
new file mode 100644
index 0000000..6a1dede
--- /dev/null
+++ b/.github/actions/build-image/action.yaml
@@ -0,0 +1,68 @@
+name: build-and-deploy-image
+
+inputs:
+ registry:
+ description: The registry to deploy to
+ required: true
+ image_name:
+ description: The name of the docker image
+ required: true
+ username:
+ description: The username to login to the container registry
+ required: true
+ password:
+ description: The password to login to the container registry
+ required: true
+
+runs:
+ using: composite
+ steps:
+ - uses: actions/checkout@v4
+ - name: Log in to the Container registry
+ uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
+ with:
+ registry: ${{ inputs.registry }}
+ username: ${{ inputs.username }}
+ password: ${{ inputs.password }}
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
+ with:
+ images: ${{ inputs.registry }}/${{ inputs.image_name }}
+ tags: type=sha,format=long
+
+ - name: Build and push Docker image
+ id: push
+ uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
+ with:
+ context: .
+ push: true
+ tags: ${{ steps.meta.outputs.tags }}
+ labels: ${{ steps.meta.outputs.labels }}
+
+ - name: install yq
+ shell: bash
+ run: |
+ sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys CC86BB64
+ sudo add-apt-repository ppa:rmescandon/yq -y
+ sudo apt update -y
+ sudo apt install yq -y
+
+ - name: Commit changes
+ shell: bash
+ env:
+ IMAGE_TAG: docker://${{ steps.meta.outputs.tags }}
+ run: |
+ git config --global user.name 'Github'
+ git config --global user.email 'github@users.noreply.github.com'
+
+ yq e ".runs.image = env(IMAGE_TAG)" -i action.yml
+ git add action.yml
+ git diff-index --quiet HEAD || (git commit -m "[Auto] Image tag updated latest pushed version" && git push)
+
+
+
+
+
+
\ No newline at end of file
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index f81b7bf..865b9d7 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
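Review bot: The "install yq" step trusts a signing key fetched by its 32-bit short ID (`--recv-keys CC86BB64`); short key IDs are cheap to collide on a public keyserver, so the PPA signature check does not actually pin the publisher. Fetch the full 40-hex fingerprint instead, `--recv-keys <FULL_FINGERPRINT>` (placeholder: take it from the PPA's page), or drop the step altogether if the runner image already ships yq, which recent ubuntu-latest images appear to do (verify before relying on it). `apt-key` is deprecated on current Ubuntu releases, so a `signed-by=` keyring in the source entry would be the durable form if the PPA is kept. A smaller consistency point: the docker/* steps are pinned to commit SHAs while `actions/checkout@v4` is a floating tag; pinning it the same way keeps the action's supply-chain posture uniform.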
@@ -5,8 +5,15 @@ on: branches: - 'main' +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + permissions: contents: write + packages: write + checks: write + id-token: write jobs: lint: @@ -22,16 +29,20 @@ jobs: needs: [ lint ] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: Build local scanner action image - run: | - docker build . + - uses: actions/checkout@v4 + - uses: ./.github/actions/build-image + name: Build and publish docker image + with: + registry: ${{ env.REGISTRY }} + image_name: ${{ env.IMAGE_NAME }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} verify-action: runs-on: ubuntu-latest needs: [ build-action-docker-image ] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses : ./ name: Run action against itself with: @@ -47,7 +58,7 @@ jobs: runs-on: ubuntu-latest needs: [ verify-action ] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install modules run: npm ci - name: release diff --git a/.github/workflows/validate.yaml b/.github/workflows/validate.yaml index 40f110f..21eefc2 100644 --- a/.github/workflows/validate.yaml +++ b/.github/workflows/validate.yaml @@ -6,15 +6,21 @@ on: - '*' - '!main' +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + permissions: - contents: read + contents: write + packages: write checks: write + id-token: write jobs: lint: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install modules run: npm ci - name: eslint 
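Review bot: The new workflow-level `permissions` block grants `id-token: write` and `packages: write` to every job, but nothing in this diff requests an OIDC token, and only build-action-docker-image needs to push a package or commit; the lint and release jobs inherit the broadened grants as well. Move `packages: write` (and `contents: write`, if the commit-back step is the only reason for it) to a job-level `permissions:` on build-action-docker-image, keep the workflow default minimal, and drop `id-token: write` unless a provenance or attestation step is planned. The same block is added to validate.yaml in the later hunk on this line (`@@ -6,15 +6,21 @@`), where it also widens `contents` from `read` to `write` for every non-main branch push; the same per-job scoping applies there.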
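Review bot: verify-action runs `./` after build-action-docker-image has committed the new image tag into action.yml, but its `actions/checkout@v4` step takes the default ref, which is the commit that triggered the run (`github.sha`) rather than the branch head the composite action just pushed; if that reading is right, the self-test exercises the previous image, not the one built in this run. Either pass the built image reference forward as a job output and apply it explicitly in verify-action, or check out the branch head with `ref: ${{ github.ref }}` and accept the race with other pushes to that branch. The validate.yaml build job in `@@ -24,16 +30,20 @@` on the next line has the same shape. The verify-action step list continues past the end of this hunk.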
@@ -24,16 +30,20 @@ jobs: needs: [ lint ] runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - name: Build local scanner action image - run: | - docker build . + - uses: actions/checkout@v4 + - uses: ./.github/actions/build-image + name: Build and publish docker image + with: + registry: ${{ env.REGISTRY }} + image_name: ${{ env.IMAGE_NAME }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} verify-action: runs-on: ubuntu-latest needs: [ build-action-docker-image ] steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses : ./ name: Run action against repoository with: diff --git a/action.yml b/action.yml index b0b845b..d419c1c 100644 --- a/action.yml +++ b/action.yml @@ -4,7 +4,7 @@ branding: icon: crosshair color: green inputs: - apiUrl: # id of input + apiUrl: # id of input description: Url of your contrast instance, defaults to https://app.contrastsecurity.com/ required: true default: 'https://app.contrastsecurity.com/' @@ -22,8 +22,8 @@ inputs: required: true checks: description: > - If set, checks will be added to the current commit based on any vulnerabilities found. - Requires the 'checks: write' permission. + If set, checks will be added to the current commit based on any vulnerabilities found. Requires the 'checks: write' permission. + required: false default: false codeQuality: @@ -32,8 +32,8 @@ inputs: default: false defaultBranch: description: > - Set this to true or false explicitly override the default branching behviour in scan whereby scan results - not on the default github branch are not saved against the main project. + Set this to true or false explicitly override the default branching behviour in scan whereby scan results not on the default github branch are not saved against the main project. + required: false label: description: Label to associate with the current scan. Defaults to the current ref e.g. refs/heads/main 
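Review bot: The reflowed `defaultBranch` description keeps the misspelling `behviour` and the missing word in `explicitly override` (read: `to explicitly override`); since the commit is already rewriting these lines, fix the text at the same time. The `strategy` and `severity` descriptions in `@@ -51,14 +51,14 @@` on the next line carry the same kind of leftovers (`conjuction`, `agreggated`, and `set this valid`, which presumably means `set this value`). Folding each description onto one long line also defeats the purpose of the `>` block scalar; keeping the wrapped form reads better in the diff and yields the same runtime string.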
@@ -51,14 +51,14 @@ inputs: required: false strategy: description: > - Used in conjuction with severity or checks, set this valid to fail the build based on agreggated project - vulnerabilities or scan level. Valid values are "project" or "scan". Defaults to "project". + Used in conjuction with severity or checks, set this valid to fail the build based on agreggated project vulnerabilities or scan level. Valid values are "project" or "scan". Defaults to "project". + required: false default: "project" severity: description: > - Set this to cause the build to fail if vulnerabilities are found exceeding this severity or higher. - Valid values are CRITICAL, HIGH, MEDIUM, LOW, NOTE. + Set this to cause the build to fail if vulnerabilities are found exceeding this severity or higher. Valid values are CRITICAL, HIGH, MEDIUM, LOW, NOTE. + required: false timeout: description: Execution timeout (in seconds) setting passed to the underlying scan engine. Defaulted to 60 minutes. @@ -66,8 +66,9 @@ inputs: token: description: > GitHub token for GitHub API requests. Defaults to GITHUB_TOKEN. + required: true default: ${{ github.token }} runs: using: 'docker' - image: 'Dockerfile' \ No newline at end of file + image: 'ghcr.io/contrast-security-oss/contrast-local-scan-action:sha-ff0a63a22c9c93d850d6cab1a191217efdc017ae'
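Review bot: `image:` now points at a registry image selected by the mutable tag `sha-ff0a63a2…` instead of the repository's Dockerfile, so what the action executes is whatever ghcr.io returns for that tag at run time; a tag can be re-pushed, a digest cannot. Have the new build-image composite action record the digest that docker/build-push-action exposes (`steps.push.outputs.digest`) and write a digest reference into action.yml, e.g. `IMAGE_TAG: docker://${{ inputs.registry }}/${{ inputs.image_name }}@${{ steps.push.outputs.digest }}` in its "Commit changes" step, so the committed `image:` line is `docker://ghcr.io/<owner>/<image>@sha256:<digest>` (placeholders). Note also that the committed value on this line has no `docker://` prefix while the composite action writes one; either form works for a Docker container action, but pick one so the auto-update does not churn the line.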