diff --git a/.github/workflows/dbca_build.yml b/.github/workflows/dbca_build.yml
index d645d20d..9e30ca64 100644
--- a/.github/workflows/dbca_build.yml
+++ b/.github/workflows/dbca_build.yml
@@ -62,11 +62,18 @@ jobs:
           tags: ${{ steps.meta_ckan_worker.outputs.tags }}
           build-args: CKAN_IMAGE=${{ steps.meta_ckan.outputs.tags }}
 
+      - name: Extract first tag
+        id: extract_first_tag
+        run: echo "::set-output name=first_tag::$(echo ${{ steps.meta_ckan.outputs.tags }} | cut -d ',' -f 1)"
+
+      - name: Use first tag
+        run: echo "Using image ref ghcr.io/dbca-wa/ckan-docker-ckan:${{ steps.extract_first_tag.outputs.first_tag }}"
+
       - name: Run Trivy vuln scanner on CKAN image
         uses: aquasecurity/trivy-action@0.26.0
         with:
           scan-type: "image"
-          image-ref: ${{ steps.meta_ckan.outputs.tags }}
+          image-ref: ${{ steps.extract_first_tag.outputs.first_tag }}
           vuln-type: "os,library"
           severity: "HIGH,CRITICAL"
           format: "sarif"
diff --git a/ckan/docker-entrypoint.d/02_setup_dbca.sh b/ckan/docker-entrypoint.d/02_setup_dbca.sh
index 805c2ba4..f9bcce2d 100644
--- a/ckan/docker-entrypoint.d/02_setup_dbca.sh
+++ b/ckan/docker-entrypoint.d/02_setup_dbca.sh
@@ -48,6 +48,10 @@ if [ ! -f /tmp/container_ready ]; then
         ckan -c $CKAN_INI pages initdb
     fi
 
+    if [[ $CKAN__PLUGINS == *"showcase"* ]]; then
+        ckan -c $CKAN_INI db upgrade -p showcase
+    fi
+
     if [[ $CKAN__PLUGINS == *"doi"* ]]; then
         ckan -c $CKAN_INI doi initdb
     fi