diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/values.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/values.yaml
index 4c7c2b1..94d5603 100644
--- a/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/values.yaml
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/automations-tools/helm-aggregator/values.yaml
@@ -40,9 +40,11 @@
 nodeSelector:
 nodetype: worker
 config: |
+ port: "8080"
 repos:
 - name: wiremind
 url: https://wiremind.github.io/wiremind-helm-charts
 - name: stevehipwell
 url: https://stevehipwell.github.io/helm-charts
- port: "8080"
+ - name: aquasecurity
+ url: https://aquasecurity.github.io/helm-charts
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy/argocd-apps-trivy-app.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy/argocd-apps-trivy-app.yaml
new file mode 100644
index 0000000..29da6bc
--- /dev/null
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy/argocd-apps-trivy-app.yaml
@@ -0,0 +1,55 @@
+---
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: trivy
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: trivy
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: avroid-prod
+ sources:
+ - repoURL: https://git.avroid.tech/K8s/k8s-configs.git
+ targetRevision: master
+ ref: values
+ - repoURL: https://nexus.avroid.tech/repository/devops-helm-proxy-helm/
+ chart: "aquasecurity/trivy"
+ targetRevision: 0.11.1
+ helm:
+ valueFiles:
+ - $values/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy/values-ovveride.yaml
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - ApplyOutOfSyncOnly=true
+ - CreateNamespace=true
+---
+apiVersion: argoproj.io/v1alpha1
+kind: AppProject
+metadata:
+ name: trivy
+ namespace: argocd
+ # Finalizer that ensures that project is not deleted until it is not referenced by any application
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ sourceRepos:
+ - https://git.avroid.tech/K8s/k8s-configs.git
+ - https://nexus.avroid.tech/repository/devops-helm-proxy-helm/
+ # Only permit applications to deploy to the guestbook namespace in the same cluster
+ destinations:
+ - namespace: avroid-prod
+ server: https://kubernetes.default.svc
+ # Deny all cluster-scoped resources from being created, except for Namespace
+ clusterResourceWhitelist:
+ - group: ''
+ kind: Namespace
+ - group: '*'
+ kind: PersistentVolume
+ - group: '*'
+ kind: PersistentVolumeClaim
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy/argocd-apps-trivy-network-policy.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy/argocd-apps-trivy-network-policy.yaml
new file mode 100644
index 0000000..7b1dbd2
--- /dev/null
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy/argocd-apps-trivy-network-policy.yaml
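Review bot: The AppProject's `clusterResourceWhitelist` contradicts its own comment ("except for Namespace") by also opening `PersistentVolume` and `PersistentVolumeClaim` under `group: '*'`, and the PVC entry is dead weight there because PersistentVolumeClaim is namespaced and so is governed by the (unset, allow-all) namespaced-resource rules rather than this list. PersistentVolume is in the core API group, so `group: '*'` is wider than needed; I would keep `- group: '', kind: Namespace`, change the PV entry to `group: ''` (or drop it if, as is usual, the chart only creates a PVC and lets the StorageClass provisioner create the PV), remove the PVC entry, and rewrite the comment to name what is actually allowed. The `# Only permit applications to deploy to the guestbook namespace` comment is a leftover from the upstream example and should read `avroid-prod`. Separately, the values source tracks `targetRevision: master` while the Application runs `automated` sync with `prune: true` and `selfHeal: true`, so any push to that branch rolls straight into production; pinning a tag or commit SHA there would make the deployment reproducible.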
@@ -0,0 +1,38 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: trivy-in
+ namespace: avroid-prod
+ labels:
+ app.kubernetes.io/managed-by: argocd
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: trivy
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: ingress-nginx
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: trivy-out
+ namespace: avroid-prod
+ labels:
+ app.kubernetes.io/managed-by: argocd
+spec:
+ podSelector: {}
+ policyTypes:
+ - Egress
+ ingress: []
+ egress:
+ - ports:
+ - port: 443
+ protocol: TCP
+ - port: 80
+ protocol: TCP
diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy/values-ovveride.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy/values-ovveride.yaml
new file mode 100644
index 0000000..b72375c
--- /dev/null
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy/values-ovveride.yaml
@@ -0,0 +1,40 @@
+image:
+ registry: harbor.avroid.tech/docker-hub-proxy
+ repository: aquasec/trivy
+
+replicaCount: 1
+
+persistence:
+ enabled: true
+ storageClass: "san-01-raid6"
+ accessMode: ReadWriteOnce
+ size: 5Gi
+
+resources:
+ requests:
+ cpu: 200m
+ memory: 512Mi
+ limits:
+ cpu: 1
+ memory: 1Gi
+
+## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
+nodeSelector:
+ node-role.kubernetes.io/worker: ""
+
+ingress:
+ enabled: true
+ # From Kubernetes 1.18+ this field is supported in case your ingress controller supports it. When set, you do not need to add the ingress class as annotation.
+ ingressClassName: "nginx"
+ annotations:
+ kubernetes.io/ingress.class: nginx
+ hosts:
+ - host: trivy.avroid.tech
+ path: "/"
+ # type is only needed for networking.k8s.io/v1 in k8s 1.19+
+ pathType: Prefix
+ tls: []
+ # - secretName: trivy-example-tls
+ # hosts:
+ # - trivy.example.com
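Review bot: `trivy-out` uses `podSelector: {}`, so its Egress rule applies to every pod in `avroid-prod`, not just Trivy, and because the only allowed egress is TCP 443 and 80 it also cuts off DNS (53/UDP and 53/TCP) for all of those pods — Trivy itself will presumably fail to resolve the registry it pulls its vulnerability DB from once this policy lands. Scope the policy with `matchLabels: app.kubernetes.io/name: trivy` the same way `trivy-in` does, and add a DNS egress entry ahead of the 80/443 rule (optionally narrowed with a `to:` selector for the cluster DNS namespace). The `ingress: []` on a policy whose `policyTypes` is only `Egress` is ignored and can be dropped. Whether any in-cluster client other than ingress-nginx needs to reach the server is not visible from these files, but `trivy-in` will block it if so.
```yaml
# … unchanged: trivy-in policy and trivy-out metadata …
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: trivy
  policyTypes:
    - Egress
  egress:
    - ports:
        - port: 53
          protocol: UDP
        - port: 53
          protocol: TCP
    - ports:
        - port: 443
          protocol: TCP
        - port: 80
          protocol: TCP
```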
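Review bot: `ingress.enabled: true` together with `tls: []` publishes `trivy.avroid.tech` over plain HTTP, and nothing in this values file configures any client authentication on the Trivy server, so whoever can reach the ingress can submit scan requests and read results in cleartext. Fill in the commented `tls:` stanza with a real `secretName` for that host and, if the chart exposes a server token setting (confirm against the chart's default values, not visible here), set it and have clients send it; otherwise restrict the route to internal clients. The `kubernetes.io/ingress.class: nginx` annotation duplicates `ingressClassName: "nginx"` and, as the inline comment itself says, can be dropped. No image `tag` is pinned here, so whichever default the chart ships decides which Trivy build runs in production — worth pinning explicitly alongside the chart version. The file name `values-ovveride.yaml` (and the `valueFiles` path that references it) carries a typo; renaming it to `values-override.yaml` now is cheaper than after other namespaces copy the pattern.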