diff --git a/Dockerfile.dapper b/Dockerfile.dapper
index 8824029fa6..c30fae86b9 100644
--- a/Dockerfile.dapper
+++ b/Dockerfile.dapper
@@ -9,6 +9,20 @@ ENV no_proxy=$no_proxy
 RUN apk -U --no-cache add bash git gcc musl-dev docker vim less file curl wget ca-certificates jq linux-headers zlib-dev tar zip squashfs-tools npm coreutils \
 python2 openssl-dev libffi-dev libseccomp libseccomp-dev make libuv-static sqlite-dev sqlite-static libselinux libselinux-dev zlib-dev zlib-static
+RUN if [ "$(go env GOARCH)" = "arm64" ]; then \
+ wget https://github.com/aquasecurity/trivy/releases/download/v0.11.0/trivy_0.11.0_Linux-ARM64.tar.gz && \
+ tar -zxvf trivy_0.11.0_Linux-ARM64.tar.gz && \
+ mv trivy /usr/local/bin; \
+ elif [ "$(go env GOARCH)" = "arm" ]; then \
+ wget https://github.com/aquasecurity/trivy/releases/download/v0.11.0/trivy_0.11.0_Linux-ARM.tar.gz && \
+ tar -zxvf trivy_0.11.0_Linux-ARM.tar.gz && \
+ mv trivy /usr/local/bin; \
+ else \
+ wget https://github.com/aquasecurity/trivy/releases/download/v0.11.0/trivy_0.11.0_Linux-64bit.tar.gz && \
+ tar -zxvf trivy_0.11.0_Linux-64bit.tar.gz && \
+ mv trivy /usr/local/bin; \
+ fi
+RUN trivy --download-db-only
 RUN mkdir -p /go/src/golang.org/x && \
 cd /go/src/golang.org/x && git clone https://github.com/golang/tools && cd tools && \
 git checkout -b current aa82965741a9fecd12b026fbb3d3c6ed3231b8f8 && \
@@ -19,7 +33,7 @@ ARG DAPPER_HOST_ARCH
 ENV ARCH $DAPPER_HOST_ARCH
 RUN if [ "${ARCH}" = 'amd64' ]; then \
- curl -sL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s v1.30.0; \
+ curl -sL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s v1.30.0; \
 fi
 ARG SELINUX=true
diff --git a/Makefile b/Makefile
index 1b2ff55f05..3eca4ec940 100644
--- a/Makefile
+++ b/Makefile
@@ -33,3 +33,7 @@ build/data:
 .PHONY: binary-size-check
 binary-size-check:
 	scripts/binary_size_check.sh
+
+.PHONY: image-scan
+image-scan:
+	scripts/image_scan.sh $(IMAGE)
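Review bot: The three trivy tarballs in the first hunk are fetched with plain `wget` and installed without any integrity check, so the build trusts whatever the download endpoint returns; pinning v0.11.0 fixes the version but not the content. Verify each archive against the checksum published with the release before extracting, e.g. `echo "<expected-sha256>  trivy_0.11.0_Linux-64bit.tar.gz" | sha256sum -c -` in each branch (the hash is a placeholder to be filled in from the release; `coreutils` is already installed above, so `sha256sum` is available). The downloaded tarball and the other files it unpacks are also left in the layer, so a trailing `rm -f trivy_0.11.0_*.tar.gz`, or extracting only the `trivy` member, would keep the image clean. The architecture is selected with `$(go env GOARCH)` here while the hunk below branches on `${ARCH}` from DAPPER_HOST_ARCH; using one source for both RUNs would keep them consistent. Note too that `RUN trivy --download-db-only` freezes the vulnerability database at image-build time, so scans run from an older dapper image will miss newer advisories unless the DB is refreshed at scan time.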
diff --git a/scripts/image_scan.sh b/scripts/image_scan.sh
new file mode 100755
index 0000000000..605374350f
--- /dev/null
+++ b/scripts/image_scan.sh
@@ -0,0 +1,19 @@
+#/bin/sh
+
+set -e
+
+if [ -n ${DEBUG} ]; then
+ set -x
+fi
+
+if [ -z $1 ]; then
+ echo "error: image name required as argument. exiting..."
+ exit 1
+fi
+
+IMAGE=$1
+SEVERITIES="HIGH,CRITICAL"
+
+trivy --quiet image --severity ${SEVERITIES} --no-progress --ignore-unfixed ${IMAGE}
+
+exit 0
diff --git a/scripts/package-image b/scripts/package-image
index 0a81622455..9d8b3aeda3 100755
--- a/scripts/package-image
+++ b/scripts/package-image
@@ -15,4 +15,5 @@ PROXY_OPTS=
 [ -z "$https_proxy" ] || PROXY_OPTS="$PROXY_OPTS --build-arg https_proxy=$https_proxy"
 [ -z "$no_proxy" ] || PROXY_OPTS="$PROXY_OPTS --build-arg no_proxy=$no_proxy"
 docker build ${PROXY_OPTS} -t ${IMAGE} -f package/Dockerfile .
+./scripts/image_scan.sh ${IMAGE}
 echo Built ${IMAGE}
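Review bot: The scan in scripts/image_scan.sh can never fail the build: trivy exits 0 regardless of findings unless `--exit-code` is given, and the script ends with an unconditional `exit 0` anyway, so the new `image-scan` target and the call added in scripts/package-image only print a report. If HIGH/CRITICAL findings are meant to block packaging, pass `--exit-code 1` and drop the trailing `exit 0` so `set -e` and trivy's status propagate to the caller. The shebang `#/bin/sh` is missing the `!`, so a direct `./scripts/image_scan.sh` only works because the invoking shell falls back to running the file as a script itself. `[ -n ${DEBUG} ]` is true even when DEBUG is unset (the test sees the single non-empty word `-n`), so tracing is always enabled, and `[ -z $1 ]` likewise needs quoting; the rewrite below quotes both and adds the exit code.
```sh
#!/bin/sh
set -e

if [ -n "${DEBUG}" ]; then
    set -x
fi

if [ -z "$1" ]; then
    echo "error: image name required as argument. exiting..."
    exit 1
fi

# … unchanged: IMAGE / SEVERITIES assignments …

# --exit-code 1 makes HIGH/CRITICAL findings fail this script (and the caller under set -e);
# no trailing `exit 0`, so trivy's status is the script's status.
trivy --quiet image --severity "${SEVERITIES}" --exit-code 1 --no-progress --ignore-unfixed "${IMAGE}"
```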