diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy-operator/argocd-apps-trivy-operator-network-policy.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy-operator/argocd-apps-trivy-operator-network-policy.yaml
index 1a05aff..7fac3ae 100644
--- a/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy-operator/argocd-apps-trivy-operator-network-policy.yaml
+++ b/clusters/k8s-avroid-office.prod.local/namespaces/avroid-prod/security/trivy-operator/argocd-apps-trivy-operator-network-policy.yaml
@@ -17,38 +17,74 @@ spec: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: ingress-nginx - # https://aquasecurity.github.io/trivy-operator/v0.23.0/getting-started/installation/troubleshooting/#installing-the-operator-in-a-namespace-with-default-deny-all-egressingress-network-policies - --- +# https://aquasecurity.github.io/trivy-operator/v0.23.0/getting-started/installation/troubleshooting/#installing-the-operator-in-a-namespace-with-default-deny-all-egressingress-network-policies apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: trivy-operator-out + name: trivy-operator-out-443-4954 namespace: avroid-prod labels: app.kubernetes.io/managed-by: argocd spec: - podSelector: {} + podSelector: + matchLabels: + app.kubernetes.io/name: trivy-operator policyTypes: - Egress ingress: [] egress: - # https://aquasecurity.github.io/trivy-operator/v0.23.0/getting-started/installation/troubleshooting/#installing-the-operator-in-a-namespace-with-default-deny-all-egressingress-network-policies - ports: - - port: 53 - protocol: TCP - - port: 53 - protocol: UDP - port: 443 protocol: TCP - port: 4954 protocol: TCP + - to: + - ipBlock: + cidr: 0.0.0.0/0 +--- +# https://aquasecurity.github.io/trivy-operator/v0.23.0/getting-started/installation/troubleshooting/#installing-the-operator-in-a-namespace-with-default-deny-all-egressingress-network-policies +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: trivy-operator-out-to-kubeapi + namespace: avroid-prod + labels: + app.kubernetes.io/managed-by: argocd +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: trivy-operator + policyTypes: + - Egress + ingress: [] + egress: + - to: + - ipBlock: + cidr: 172.24.0.1/32 +--- +# https://aquasecurity.github.io/trivy-operator/v0.23.0/getting-started/installation/troubleshooting/#installing-the-operator-in-a-namespace-with-default-deny-all-egressingress-network-policies +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy 
+metadata: + name: trivy-operator-out-to-kube-system-dns + namespace: avroid-prod + labels: + app.kubernetes.io/managed-by: argocd +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: trivy-operator + policyTypes: + - Egress + ingress: [] + egress: + - ports: + - port: 53 + protocol: TCP + - port: 53 + protocol: UDP - to: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: kube-system - - podSelector: - matchLabels: - app.kubernetes.io/name: trivy - - ipBlock: - cidr: 172.24.0.1/32
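Review bot: In `trivy-operator-out-443-4954` the added `- to:` / `ipBlock: cidr: 0.0.0.0/0` entry appears to be a second, port-less egress rule beneath the `- port: 443` / `- port: 4954` rule rather than a `to:` key of that same rule; NetworkPolicy rules are ORed, so a port-less rule to 0.0.0.0/0 allows egress on every port to every destination and the 443/4954 restriction the policy is named for is not enforced (indentation is lost in this view, so confirm in the file). The same shape shows in `trivy-operator-out-to-kube-system-dns`, where the added port-53 `- ports:` rule and the kept `- to:` kube-system rule are separate list items, which permits any port to any pod in kube-system. Move `to:` under the same list item as `ports:` (indented level with `ports:`, not as a new `- to:` entry) in both policies, and consider replacing `0.0.0.0/0` with the registry / Trivy-server endpoints actually needed, or at least carving out cluster and metadata ranges with `except:`. Also note the `podSelector` was narrowed from `{}` to `app.kubernetes.io/name: trivy-operator`; if the operator's scan-job pods in this namespace carry different labels they will no longer be granted any egress, so verify their labels against the selector.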