diff --git a/defaults/main.yml b/defaults/main.yml
index 0aabdbb..db81688 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -5,3 +5,6 @@ my_context: minikube
 #drone_storage_classname:
 #gitea_certificate: certificate_secret_name
 #drone_storage_classname:
+trivy_namespace: trivy
+trivy_version: 0.16.0
+#trivy_storage_classname:
\ No newline at end of file
diff --git a/tasks/main.yml b/tasks/main.yml
index 04f9e0a..f0c1f43 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -92,3 +92,39 @@
 - drone-runner
 tags:
 - drone
+
+# https://github.com/aquasecurity/trivy/tree/main/helm/trivy
+- name: Trivy Setup
+ block:
+ - name: Git clone stable repo on HEAD
+ ansible.builtin.git:
+ repo: "https://github.com/aquasecurity/trivy.git"
+ dest: tmp/trivy
+ - name: Deploy trivy chart from local path
+ community.kubernetes.helm:
+ state: present
+ name: trivy
+ context: "{{ my_context }}"
+ chart_ref: tmp/trivy/helm/trivy
+ release_namespace: "{{ trivy_namespace }}"
+ create_namespace: true
+ values:
+ image:
+ tag: "{{ trivy_version }}"
+# persistence:
+# storageClass: "{{ trivy_storage_classname }}"
+# trivy:
+# gitHubToken: ""
+# cache:
+# redis:
+# enabled: false
+# url: "" # e.g. redis://redis.redis.svc:6379
+# ingress:
+# enabled: false
+# annotations: {}
+# # kubernetes.io/ingress.class: nginx
+# hosts:
+# - host: trivy.{{ traefik_domain }}
+
+ tags:
+ - trivy
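Review bot: `trivy_version: 0.16.0` is left as a plain scalar; this particular value happens to parse as a string, but a future bump to a two-component version such as 0.17 would be read as a float by YAML 1.1 loaders and rendered as `0.17` or `0.2` in the image tag. Quote it defensively like the other templated strings in the role, `trivy_version: "0.16.0"`. The hunk also leaves defaults/main.yml without a trailing newline (`\ No newline at end of file`), which will show up as churn in the next edit.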
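Review bot: The `ansible.builtin.git` task in "Trivy Setup" clones `https://github.com/aquasecurity/trivy.git` with no `version:`, so the chart deployed by the following `community.kubernetes.helm` task is whatever is on the upstream default branch at run time — non-reproducible, and any change pushed to that branch lands in the cluster on the next run, while `trivy_version` only pins the image tag. Pin the checkout to the release that matches the image, e.g. `version: "<release tag or commit SHA matching trivy_version>"`, so chart templates and image are the pair that was tested together; the task name "Git clone stable repo on HEAD" should then be updated since it currently describes an unpinned HEAD. `dest: tmp/trivy` and `chart_ref: tmp/trivy/helm/trivy` are relative to the controller's working directory, which varies with how the playbook is invoked; a `{{ playbook_dir }}`-anchored or explicit path is more robust. If the commented `trivy.gitHubToken` block is later enabled, the token should come from a vault or lookup rather than a literal in the role.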