diff --git a/.drone.yml b/.drone.yml
index 77b9626..44e74e8 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -17,6 +17,45 @@ steps:
 when:
 event: pull_request
+ - name: build image
+ image: docker:dind
+ volumes:
+ - name: dockersock
+ path: /var/run/docker.sock
+ environment:
+ REGISTRY: registry.fedy95.com
+ commands:
+ - docker build -t "$REGISTRY"/baseimage-yamllint:$DRONE_COMMIT_SHA image -f image/Dockerfile
+ when:
+ event: pull_request
+
+ - name: trivy security check
+ image: aquasec/trivy
+ volumes:
+ - name: dockersock
+ path: /var/run/docker.sock
+ environment:
+ REGISTRY: registry.fedy95.com
+ commands:
+ - "trivy \
+ --exit-code 1 \
+ --format json \
+ --no-progress \
+ $REGISTRY/baseimage-yamllint:$DRONE_COMMIT_SHA"
+ when:
+ event: pull_request
+
+ - name: cleanup
+ image: docker:dind
+ volumes:
+ - name: dockersock
+ path: /var/run/docker.sock
+ commands:
+ - docker rmi registry.fedy95.com/baseimage-yamllint:$DRONE_COMMIT_SHA
+ when:
+ event: pull_request
+
+
 - name: release
 image: docker:dind
 volumes:
diff --git a/README.md b/README.md
index 37ce399..dd0cc62 100644
--- a/README.md
+++ b/README.md
@@ -6,3 +6,4 @@ Baseimage for CI tasks
 - [yamllint git](https://github.com/adrienverge/yamllint)
 - [alpine](https://pkgs.alpinelinux.org/packages?name=yamllint)
+- [trivy](https://github.com/aquasecurity/trivy)
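Review bot: The new `cleanup` step near the end of the hunk is skipped whenever the `trivy security check` step fails, because Drone runs a step only after success unless `when.status` says otherwise, so precisely the pull requests that `--exit-code 1` is meant to reject leave their built image behind on the runner; add `status: [success, failure]` under the cleanup step's `when:` next to `event: pull_request`. `image: aquasec/trivy` in the trivy step is unpinned, so the scanner version floats between builds; pinning it to a version tag or digest keeps scan results reproducible and makes the scanner part of the reviewed supply chain. The registry host appears three times, as `REGISTRY: registry.fedy95.com` in the build and trivy steps and as a hard-coded `registry.fedy95.com/baseimage-yamllint:...` in the cleanup `docker rmi`; one source for the value keeps the build and cleanup image names from drifting apart. All three new steps mount the host Docker socket on `event: pull_request`; Drone honours host volumes only for trusted repositories, but it is worth confirming that pull requests from forks cannot trigger this pipeline, since a PR that edits `image/Dockerfile` would then execute with host-socket access.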