diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 571d896..22426fd 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -27,4 +27,16 @@ jobs:
       - id: run_helm_lint
         name: Run Helm lint
         run: helm lint --strict .
-      # TODO: Add trivy + sarif
+
+      - id: run_trivy_config
+        name: Run Trivy vulnerability scanner
+        # aquasecurity/trivy-action@v0.16.1
+        uses: aquasecurity/trivy-action@d43c1f16c00cfd3978dde6c07f4bbcf9eb6993ca
+        with:
+          scan-type: config
+          trivy-config: trivy.yaml
+          hide-progress: false
+          format: sarif
+          output: trivy.sarif
+
+      # TODO: Lint/trivy for examples/ folder ???????
diff --git a/trivy.yaml b/trivy.yaml
new file mode 100644
index 0000000..49804a8
--- /dev/null
+++ b/trivy.yaml
@@ -0,0 +1,7 @@
+timeout: 5m
+exit-code: 1
+severity:
+  - HIGH
+  - CRITICAL
+  - MEDIUM
+format: table
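Review bot: The new `run_trivy_config` step writes `output: trivy.sarif` but nothing in this hunk consumes the file, so the SARIF report is produced and then discarded unless an upload step exists beyond the hunk. Because the referenced `trivy.yaml` sets `exit-code: 1`, the step itself fails whenever a finding at the configured severities is present, so any later upload step has to carry `if: always()` (or the scan step `continue-on-error: true`) for the report to reach code scanning on exactly the runs that matter. The step `name: Run Trivy vulnerability scanner` is also misleading given `scan-type: config`, which only runs the misconfiguration checks; `name: Run Trivy misconfiguration scan` would describe what is gated. The `steps` list this hunk extends begins outside the hunk, and the closing `# TODO: Lint/trivy for examples/ folder ???????` reads as an unresolved question rather than a tracked task, so it should either name the follow-up or be dropped.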
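Review bot: `format: table` in the new trivy.yaml is contradicted by the workflow step that loads it, which passes `format: sarif`; the action's explicit flag presumably takes precedence over the config file, so this line documents a format that the CI run never uses and will mislead whoever reads the config locally. Either remove it so the config file stays limited to the shared gating settings (`timeout`, `exit-code`, `severity`), or add `# overridden to sarif by ci.yml; table is for local runs` above it so the two files are reconciled. Minor style points: start the file with `---`, and list `severity` in monotonic order (`CRITICAL`, `HIGH`, `MEDIUM`) so a reader sees the threshold at a glance.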