diff --git a/.drone.yml b/.drone.yml
index 44e74e8..b7855a8 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -45,6 +45,19 @@ steps:
 when:
 event: pull_request
+ - name: grype security check
+ image: anchore/grype
+ volumes:
+ - name: dockersock
+ path: /var/run/docker.sock
+ environment:
+ REGISTRY: registry.fedy95.com
+ commands:
+ - "grype $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA --scope all-layers --fail-on=critical"
+ when:
+ event: pull_request
+
+
 - name: cleanup
 image: docker:dind
 volumes:
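Review bot: The new step runs `image: anchore/grype` with no tag or digest while mounting `/var/run/docker.sock`, so whatever is currently published under the implicit `latest` tag gets control of the host's Docker daemon on every pull-request build. Pin the scanner to a reviewed release, for example `image: anchore/grype:<version>@sha256:<digest>` (placeholders), and bump it deliberately. If the image under test has already been pushed to the registry at this point (not visible in this hunk), scanning it through grype's `registry:` source, e.g. `grype registry:$REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA ...`, would let this step drop the socket mount entirely. Also confirm that `--fail-on=critical` is the intended gate, since high-severity findings will pass the build.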