diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 5d5d3253..7b1cb946 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -135,8 +135,18 @@ jobs:
 severity: 'CRITICAL,HIGH'
 continue-on-error: true

- - name: Upload Trivy results
+ - name: Check Trivy SARIF exists
 if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true'
+ id: trivy-check
+ run: |
+ if [ -f trivy-results.sarif ]; then
+ echo "exists=true" >> $GITHUB_OUTPUT
+ else
+ echo "exists=false" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Upload Trivy results
+ if: github.event_name != 'pull_request' && steps.skip.outputs.skip_build != 'true' && steps.trivy-check.outputs.exists == 'true'
 uses: github/codeql-action/upload-sarif@e12f0178983d466f2f6028f5cc7a6d786fd97f4b # v4
 with:
 sarif_file: 'trivy-results.sarif'
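Review bot: The `else` branch of the new `trivy-check` step turns a missing `trivy-results.sarif` into a silent no-op. The scan step already runs with `continue-on-error: true` (visible only as leading context; that step starts above the hunk), so a Trivy failure now leaves the run green, with nothing in code scanning to show the image went unscanned. Emit an annotation in that branch so the gap is visible on the run, e.g. `echo "::warning::trivy-results.sarif not found; Trivy results were not uploaded"`. Separately, quote the redirect target in both branches: `>> "$GITHUB_OUTPUT"`.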