diff --git a/.drone.yml b/.drone.yml
index 91e7deb..8224cbe 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -38,21 +38,25 @@ steps:
     repo: scm.project42.io/elia/blog
     dry_run: true
     squash: true
-    purge: false
     tags:
     - "${DRONE_COMMIT_SHA:0:8}"
   depends_on:
   - clean-up-images
 - name: trivy-scan
-  image: docker.io/aquasec/trivy:latest
+  image: docker:dind
   volumes:
   - name: dockersock
     path: /var/run/docker.sock
   commands:
+  - export TRIVY_VERSION=$(wget -qO - "https://api.github.com/repos/aquasecurity/trivy/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
+  - echo "$TRIVY_VERSION"
+  - export TRIVY_URL=$(printf "https://github.com/aquasecurity/trivy/releases/download/v%s/trivy_%s_Linux-64bit.tar.gz" "$TRIVY_VERSION" "$TRIVY_VERSION")
+  - echo "$TRIVY_URL"
+  - wget --no-verbose "$TRIVY_URL" -O - | tar -zxvf -
   - docker build -t "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}" .
-  - trivy image --exit-code 0 "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
-  - trivy image --exit-code 1 --severity CRITICAL "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
+  - ./trivy image --exit-code 0 "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
+  - ./trivy image --exit-code 1 --severity CRITICAL "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
   - docker rmi "scm.project42.io/elia/blog:${DRONE_COMMIT_SHA:0:8}"
   depends_on:
   - test-build-container
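Review bot: The new `commands` block fetches the trivy tarball from the network on every build and pipes it straight into `tar` with no integrity check, so the scanner that gates the pipeline (`--exit-code 1 --severity CRITICAL`) is itself an unverified download whose version floats with `/releases/latest`. Resolving the version through an unauthenticated `api.github.com` call also means a rate-limit or outage leaves `TRIVY_VERSION` empty and the step fails for reasons unrelated to the image under test, and `image: docker:dind` is now an unpinned tag just as `aquasec/trivy:latest` was before. I would pin `TRIVY_VERSION` to a reviewed release, download to a file, verify it against the checksum published with that release before extracting, and consider pinning `docker:dind` to a tag or digest as well. The step's remaining lines (`docker build`, the two scans, `docker rmi`) stay as they are.
```yaml
  commands:
  - export TRIVY_VERSION=<PINNED_VERSION>  # placeholder: a specific reviewed trivy release, not "latest"
  - export TRIVY_URL=$(printf "https://github.com/aquasecurity/trivy/releases/download/v%s/trivy_%s_Linux-64bit.tar.gz" "$TRIVY_VERSION" "$TRIVY_VERSION")
  - wget --no-verbose "$TRIVY_URL" -O trivy.tar.gz
  - echo "<EXPECTED_SHA256>  trivy.tar.gz" | sha256sum -c -  # placeholder: taken from the release's published checksums
  - tar -zxf trivy.tar.gz
  # … unchanged: docker build, ./trivy image scans, docker rmi …
```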