diff --git a/.github/workflows/ark.trivy.yaml b/.github/workflows/ark.trivy.yaml
new file mode 100644
index 0000000..737ff37
--- /dev/null
+++ b/.github/workflows/ark.trivy.yaml
@@ -0,0 +1,35 @@
+name: Trivy Security Scan
+
+on:
+  push:
+    branches: ["master"]
+  pull_request:
+    branches: ["master"]
+
+jobs:
+  build:
+    name: Build and Scan
+    runs-on: ubuntu-20.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v1
+
+      - name: Build an image from Dockerfile
+        uses: docker/build-push-action@v2
+        with:
+          context: .
+          load: true
+          tags: ${{ github.repository }}:${{ github.sha }}
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@0.24.0
+        with:
+          image-ref: "${{ github.repository }}:${{ github.sha }}"
+          format: "table"
+          exit-code: "1"
+          ignore-unfixed: true
+          vuln-type: "os,library"
+          severity: "CRITICAL,HIGH"
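Review bot: The workflow declares no `permissions:` block, so the job runs with the repository's default GITHUB_TOKEN scope although nothing in it needs more than read access to the checkout; add `permissions:` / `  contents: read` at the top level, directly after `name:`. The actions at `uses: actions/checkout@v2`, `uses: docker/setup-buildx-action@v1`, `uses: docker/build-push-action@v2` and `uses: aquasecurity/trivy-action@0.24.0` are all referenced by mutable tags, which a scanning workflow in particular should avoid since a moved tag silently changes what runs in CI — pin each to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<commit-sha>  # v2`. The image tag `${{ github.repository }}:${{ github.sha }}` is `owner/repo`, and Docker rejects references whose repository name contains uppercase letters, so if either component is not already lowercase the build step will fail; a fixed local name such as `scan-target:${{ github.sha }}` used by both the `tags:` and `image-ref:` lines avoids that. On style, `tags:` leaves the expression unquoted while `image-ref:` quotes the identical one; quote both for consistency.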