diff --git a/.github/ISSUE_TEMPLATE/release-template.md b/.github/ISSUE_TEMPLATE/release-template.md
index 3d75d13bb..fb802b6f4 100644
--- a/.github/ISSUE_TEMPLATE/release-template.md
+++ b/.github/ISSUE_TEMPLATE/release-template.md
@@ -27,6 +27,7 @@ git push origin release/$RELEASE
 | DOCKER_PUBLISH | false |
 | RUN_TEST | true |
 | OVERWRITE_DOCKER_LATEST_TAG | false |
+| RUN_TRIVY_SCAN | true |
 
 - [ ] Create a release branch for the harvest-metrics repo like so:
 ```bash
@@ -76,6 +77,7 @@ bin/harvest generate metrics --poller POLLERNAME
 | DOCKER_PUBLISH | true |
 | RUN_TEST | true |
 | OVERWRITE_DOCKER_LATEST_TAG | true |
+| RUN_TRIVY_SCAN | true |
 
 - [ ] [Draft a new release](https://github.com/NetApp/harvest/releases). Use `v$RELEASE` for the tag and pick the release/$RELEASE branch.
 - [ ] Type `$RELEASE` in the `Release title` text input
diff --git a/jenkins/artifacts/jenkinsfile b/jenkins/artifacts/jenkinsfile
index 6afecf2cc..23073ed23 100644
--- a/jenkins/artifacts/jenkinsfile
+++ b/jenkins/artifacts/jenkinsfile
@@ -9,6 +9,7 @@ pipeline {
         string(name: 'DOCKER_PUBLISH', defaultValue: 'false', description: 'true to publish to dockerhub')
         string(name: 'RUN_TEST', defaultValue: 'true', description: 'false to skip test')
         string(name: 'OVERWRITE_DOCKER_LATEST_TAG', defaultValue: 'false', description: 'true to overwrite latest tag at dockerhub. Works only if DOCKER_PUBLISH is true')
+        string(name: 'RUN_TRIVY_SCAN', defaultValue: 'false', description: 'true to run Trivy image scan')
     }
 
     environment {
@@ -185,6 +186,25 @@ pipeline {
             }
         }
 
+        stage('Trivy Image Scan') {
+            when {
+                expression {
+                    return params.RUN_TRIVY_SCAN == 'true';
+                }
+            }
+            steps {
+                script {
+                    currentStage = 'Trivy Image Scan'
+                }
+                sh '''
+                    curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sudo sh -s -- -b /usr/local/bin
+                    export PATH=/usr/local/bin:$PATH
+                    trivy image --db-repository public.ecr.aws/aquasecurity/trivy-db --exit-code 1 ${ghcrImage}:latest
+                    trivy image --db-repository public.ecr.aws/aquasecurity/trivy-db --exit-code 1 ${ghcrImage}:latest-fips
+                '''
+            }
+        }
+
         stage('Publish builds locally'){
             steps {
                 script {
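Review bot: The `curl ... | sudo sh` line in the new `sh` step fetches Trivy's installer from the unpinned `main` branch of the upstream repository on every run and executes it as root with no integrity check, so the release gate this stage is meant to provide depends on whatever that URL serves at build time. Pin the installer to a release tag and verify what is run, e.g. `curl -sfL .../contrib/install.sh | sudo sh -s -- -b /usr/local/bin <PINNED_TRIVY_VERSION>` (the install script accepts a version argument), or better, preinstall a checksum-verified Trivy binary on the build agent and drop the download entirely. Separately, `${ghcrImage}` inside a triple-single-quoted Groovy string is not interpolated by Groovy and is left for the shell to expand, so this only works if `ghcrImage` is exported via the `environment` block seen in the earlier hunk — worth confirming, since an empty expansion would leave `trivy image` with just `:latest` as the reference. The `:latest` and `:latest-fips` tags are also only a meaningful gate if they resolve to the image built in this run rather than whatever the registry last published; the enclosing `stages` block starts and ends outside the hunk.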