diff --git a/container-scan.yml b/container-scan.yml
new file mode 100644
index 0000000..fde0286
--- /dev/null
+++ b/container-scan.yml
@@ -0,0 +1,33 @@
+.publish-image-jib:
+ image: $MAVEN_IMAGE
+ stage: test
+ variables:
+ TRIVY_VERSION: 0.18.3
+ PROJECT_DIR: $CI_PROJECT_DIR
+ DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile
+ CONTEXT_LOCATION: $CI_PROJECT_DIR
+ before_script:
+ - wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
+ - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
+ script:
+ - mvn $MAVEN_CLI_OPTS compile jib:buildTar -DskipTests
+ - ./trivy --exit-code 0 --severity HIGH --no-progress --auto-refresh --input target/jib-image.tar
+ - ./trivy --exit-code 1 --severity CRITICAL --no-progress --auto-refresh --input target/jib-image.tar
+
+.check-kani:
+ stage: test
+ image:
+ name: gcr.io/kaniko-project/executor:debug
+ entrypoint: [ "" ]
+ variables:
+ TRIVY_VERSION: 0.18.3
+ PROJECT_DIR: $CI_PROJECT_DIR
+ DOCKERFILE_LOCATION: $CI_PROJECT_DIR/Dockerfile
+ CONTEXT_LOCATION: $CI_PROJECT_DIR
+ before_script:
+ - wget "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
+ - tar zxvf trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz
+ script:
+ - /kaniko/executor --context $CONTEXT_LOCATION --dockerfile $DOCKERFILE_LOCATION --cache-dir cache/image --tarPath image.tar --no-push --destination image
+ - ./trivy --exit-code 0 --severity HIGH --no-progress --auto-refresh --input image.tar
+ - ./trivy --exit-code 1 --severity CRITICAL --no-progress --auto-refresh --input image.tar
\ No newline at end of file
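Review bot: The trivy tarball fetched by `wget` in the `before_script` of both `.publish-image-jib` and `.check-kani` is extracted and executed with no integrity check, so the scanner that gates the pipeline is itself an unverified download running with the job's full access to `$CI_PROJECT_DIR` and any injected CI variables. Pinning `TRIVY_VERSION` fixes which file is requested but not what is received; Trivy releases publish a checksums file alongside each tarball, so the expected digest can be pinned next to the version and checked before `tar` runs, e.g. `- echo "<TRIVY_TARBALL_SHA256>  trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz" | sha256sum -c -` (placeholder; take the digest from the release's checksums file for 0.18.3), which also makes the job fail closed on a truncated or swapped download. The busybox-based kaniko `debug` image presumably provides `sha256sum` as it does `wget` and `tar`, but that is worth confirming on the runner. As a minor point of style, `PROJECT_DIR`, `DOCKERFILE_LOCATION` and `CONTEXT_LOCATION` are declared in `.publish-image-jib` but only referenced by `.check-kani`, and the identical `before_script` in both jobs could live in one hidden job that both `extends`.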