diff --git a/.woodpecker/build-container.yml b/.woodpecker/build-container.yml
index 41dd9ea..eb43f5c 100644
--- a/.woodpecker/build-container.yml
+++ b/.woodpecker/build-container.yml
@@ -24,7 +24,6 @@ steps:
       TRIVY_NO_PROGRESS: "true"
       TRIVY_SEVERITY: HIGH,CRITICAL
       TRIVY_TIMEOUT: 1m
-      TRIVY_SKIP_FILES: /usr/local/bin/gomplate,/usr/local/bin/helm,/usr/local/bin/polaris,/usr/local/bin/yq
 
   publish-dockerhub:
     group: container
diff --git a/Containerfile.multiarch b/Containerfile.multiarch
index c8d632f..f2589ba 100644
--- a/Containerfile.multiarch
+++ b/Containerfile.multiarch
@@ -59,7 +59,8 @@ RUN apk --update add curl tar bash python3 pipx findutils git && \
     chmod 755 /usr/local/bin/kustomize && \
     chmod 755 /usr/local/bin/kubeconform && \
     rm -rf /var/cache/apk/* && \
-    rm -rf /tmp/*
+    rm -rf /tmp/* && \
+    rm -rf /root/.cache/
 
 ADD overlay/ /
 
diff --git a/trivy-secret.yaml b/trivy-secret.yaml
new file mode 100644
index 0000000..3287627
--- /dev/null
+++ b/trivy-secret.yaml
@@ -0,0 +1,4 @@
+---
+allow-rules:
+  - id: aws-secret-access-key
+    path: .*/flux-local/.*/site-packages/GitPython-.*\.dist-info/METADATA
diff --git a/trivy.yaml b/trivy.yaml
new file mode 100644
index 0000000..46bfe8e
--- /dev/null
+++ b/trivy.yaml
@@ -0,0 +1,7 @@
+---
+scan:
+  skip-files:
+    - /usr/local/bin/gomplate
+    - /usr/local/bin/helm
+    - /usr/local/bin/polaris
+    - /usr/local/bin/yq