diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6ce201f..b17b725 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -1,29 +1,76 @@ +include: + - template: Security/Secret-Detection.gitlab-ci.yml + - template: Security/SAST.gitlab-ci.yml + - template: Security/Container-Scanning.gitlab-ci.yml stages: - - verify + - test - build + - trivy variables: - IMAGE_NAME: "$CI_REGISTRY_IMAGE" - -image: docker:latest + STORAGE_DRIVER: vfs + BUILDAH_FORMAT: docker + BUILDAH_ISOLATION: chroot # Beyond this point, each top level item is a Job name (beside templates) # NB: each job is run on a separate container docker:lint: - stage: verify + stage: test image: projectatomic/dockerfile-lint script: - dockerfile_lint -p -f ansible.Dockerfile build: stage: build - image: docker:latest + image: fedora script: - - docker login -u "$CI_REGISTRY_USER" -p "$CI_BUILD_TOKEN" "$CI_REGISTRY" - - export DATE=$(date +%Y%m%d) - - docker build -f ansible.Dockerfile -t $CI_REGISTRY_IMAGE:$DATE . - - docker push $CI_REGISTRY_IMAGE:$DATE - - docker build -f ansible.Dockerfile -t $CI_REGISTRY_IMAGE:latest . - - docker push $CI_REGISTRY_IMAGE:latest + - dnf install -y podman buildah git + - sed -i '/^mountopt =.*/d' /etc/containers/storage.conf + - podman login -u "$CI_REGISTRY_USER" -p "$CI_BUILD_TOKEN" "$CI_REGISTRY" + - podman pull "$CI_REGISTRY_IMAGE:latest" + - export DATE=$(date +%Y%m%d --date="@`git show -s --format=%ct $CI_COMMIT_SHA`") + - podman build --cache-from "$CI_REGISTRY_IMAGE:latest" -f ansible.Dockerfile -t ${CI_REGISTRY_IMAGE}:$DATE -t ${CI_REGISTRY_IMAGE}:latest . + - podman push ${CI_REGISTRY_IMAGE}:$DATE + - podman push ${CI_REGISTRY_IMAGE}:latest + +# Scan with Trivy. 
Normaly image is at ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} +#container_scanning:trivy: +trivy: + stage: trivy + image: docker.io/aquasec/trivy:latest + allow_failure: true + interruptible: true + variables: + GIT_STRATEGY: fetch + CI_APPLICATION_REPOSITORY: "" + CI_APPLICATION_TAG: "" + TRIVY_USERNAME: "$CI_REGISTRY_USER" + TRIVY_PASSWORD: "$CI_REGISTRY_PASSWORD" + TRIVY_AUTH_URL: "$CI_REGISTRY" + TRIVY_SEVERITY: "HIGH,CRITICAL" + script: + - export DATE=$(date +%Y%m%d --date="@`git show -s --format=%ct $CI_COMMIT_SHA`") + - trivy --version + # Build report + - trivy --exit-code 0 --cache-dir .trivycache/ --no-progress --format template --template "@/contrib/gitlab.tpl" -o gl-container-scanning-report.json ${CI_REGISTRY_IMAGE}:$DATE + # Print report + - trivy --exit-code 0 --cache-dir .trivycache/ --no-progress ${CI_REGISTRY_IMAGE}:$DATE + # Fail on high and critical vulnerabilities + - trivy --exit-code 1 --cache-dir .trivycache/ --no-progress ${CI_REGISTRY_IMAGE}:$DATE + cache: + paths: + - .trivycache/ + artifacts: + reports: + container_scanning: gl-container-scanning-report.json + dependencies: [] +# only: +# refs: +# - branches +# variables: +# - $GITLAB_FEATURES =~ /\bcontainer_scanning\b/ + except: + variables: + - $CONTAINER_SCANNING_DISABLED \ No newline at end of file diff --git a/ansible.Dockerfile b/ansible.Dockerfile index 57b627a..9a6b94c 100644 --- a/ansible.Dockerfile +++ b/ansible.Dockerfile 
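Review bot: The final `trivy --exit-code 1` step in the `trivy` job cannot gate anything: the job carries `allow_failure: true`, and the `build` stage has already pushed both `${CI_REGISTRY_IMAGE}:$DATE` and `:latest` before the `trivy` stage runs, so an image with HIGH/CRITICAL findings is published regardless of the scan result. If the scan is meant to be a gate, set `allow_failure: false`, have `build` push only the `:$DATE` tag, and promote it to `:latest` in a stage that runs after `trivy` (sketch below, reusing the build job's storage setup). In `build`, `podman login -u "$CI_REGISTRY_USER" -p "$CI_BUILD_TOKEN"` puts the token on the command line; prefer `echo "$CI_JOB_TOKEN" | podman login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"` (`CI_BUILD_TOKEN` appears to be the deprecated alias of `CI_JOB_TOKEN`; confirm for your GitLab version). The `fedora`, `projectatomic/dockerfile-lint` and `docker.io/aquasec/trivy:latest` job images are unpinned, so both the toolchain and the scanner can change underneath the pipeline; pin them to a tag or digest. Including `Security/Container-Scanning.gitlab-ci.yml` next to this hand-written `trivy` job most likely schedules a second `container_scanning` job in the `test` stage, before the image exists and writing the same `gl-container-scanning-report.json`; keep one or the other.
```yaml
stages:
  - test
  - build
  - trivy
  - release

# … unchanged: include, variables, docker:lint, build (drop the `-t …:latest` / `podman push …:latest` lines), trivy (allow_failure: false) …

release:latest:
  stage: release
  image: fedora
  script:
    - dnf install -y podman git
    - sed -i '/^mountopt =.*/d' /etc/containers/storage.conf
    - echo "$CI_JOB_TOKEN" | podman login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - export DATE=$(date +%Y%m%d --date="@`git show -s --format=%ct $CI_COMMIT_SHA`")
    - podman pull "${CI_REGISTRY_IMAGE}:$DATE"
    - podman tag "${CI_REGISTRY_IMAGE}:$DATE" "${CI_REGISTRY_IMAGE}:latest"
    - podman push "${CI_REGISTRY_IMAGE}:latest"
```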
@@ -19,21 +19,6 @@ RUN apk --no-cache --update add ca-certificates bash curl openssh-client openssl # apk --no-cache upgrade && \ ln -s /usr/local/bin/python3 /usr/bin/python3 -#RUN VAULT_VERSION=1.7.3 && \ -# wget https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_linux_amd64.zip && \ -# unzip vault_${VAULT_VERSION}_linux_amd64.zip && \ -# install vault /usr/local/bin/vault -o root -g root -m 0755 && \ -# rm -f vault vault_${VAULT_VERSION}_linux_amd64.zip && \ -RUN KUBECTL_VERSION=v1.21.3 && HELM_VERSION=v3.6.2 && \ - wget https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl && \ - install kubectl /usr/local/bin/kubectl -o root -g root -m 0755 && \ - rm -f kubectl && \ - wget https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz && \ - tar -zxf helm-${HELM_VERSION}-linux-amd64.tar.gz && \ - install -o root -g root -m 0755 linux-amd64/helm /usr/local/bin/helm && \ - rm -fr helm-${HELM_VERSION}-linux-amd64.tar.gz linux-amd64 && \ - helm plugin install https://github.com/databus23/helm-diff - RUN apk --update add --virtual build-dependencies gcc rust cargo musl-dev libffi-dev openssl-dev build-base libvirt-dev postgresql-dev && \ pip3 install ansible asn1crypto bcrypt cachetools certifi cffi chardet cryptography dictdiffer \ docker-py google-auth httplib2 hvac idna ipaddress Jinja2 jmespath jsonpatch jsonpointer jsonschema \ @@ -48,6 +33,6 @@ RUN apk --update add --virtual build-dependencies gcc rust cargo musl-dev libffi echo "localhost" >> /etc/ansible/hosts #RUN update-ca-certificates -RUN ansible-galaxy collection install kubernetes.core ansible.posix community.general community.libvirt ngine_io.cloudstack google.cloud community.digitalocean +#RUN ansible-galaxy collection install kubernetes.core ansible.posix community.general community.libvirt ngine_io.cloudstack google.cloud community.digitalocean CMD ["ansible"] \ No newline at end of file
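Review bot: In the second hunk, the `ansible-galaxy collection install …` line is commented out rather than removed and nothing records why, so the image now ships Ansible without `kubernetes.core`, `ansible.posix`, `community.general` and the other collections listed there, and playbooks that rely on them will presumably fail only at run time. Either delete the line or replace it with a comment stating the decision, e.g. `# Collections are intentionally not baked into the image; install them per project from a requirements.yml`. The first hunk is a pure deletion of the unverified kubectl/helm downloads and needs no change; note that the `RUN apk … pip3 install …` instruction that follows it begins inside the hunk but its package list continues past the hunk's last line.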