diff --git a/.drone.yml b/.drone.yml
index 5509504..b00e48e 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -34,9 +34,18 @@ steps:
     repo: scm.project42.io/elia/blog
     dry_run: true
     squash: true
+    purge: false
     tags:
     - "${DRONE_COMMIT_SHA:0:8}"
 
+- name: trivy-scan
+  image: docker.io/aquasec/trivy:latest
+  commands:
+    - trivy image --exit-code 0 "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
+    - trivy image --exit-code 1 --severity CRITICAL "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
+  depends_on:
+    - test-build-container
+
 - name: build-container
   image: plugins/docker
   settings: