diff --git a/.lint/trivy/trivy-scan.sh b/.lint/trivy/trivy-scan.sh
new file mode 100755
index 00000000..350e8f58
--- /dev/null
+++ b/.lint/trivy/trivy-scan.sh
@@ -0,0 +1,3 @@
+# Since Trivy does not have a pre-commit hook by default, this is a custom hook script
+#!/bin/bash
+trivy config --config .lint/trivy/trivy.yaml --ignorefile .trivyignore
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index bb92c0a0..e599750f 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -71,3 +71,11 @@ repos:
 rev: 0.2.3
 hooks:
 - id: yamlfmt
+
+ - repo: local
+ hooks:
+ - id: trivy-scan
+ name: Trivy Scan
+ entry: .lint/trivy/trivy-scan.sh
+ language: script
+ types: [yaml, terraform]
diff --git a/.tool-versions b/.tool-versions
index 9ce9e0af..2fb62d21 100644
--- a/.tool-versions
+++ b/.tool-versions
@@ -33,3 +33,5 @@ terraform-docs 0.19.0
 tflint 0.55.0
 tfsec 1.28.13
+
+trivy 0.58.1
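Review bot: The `#!/bin/bash` in trivy-scan.sh is on the second line, after the comment, so it is not a shebang — the kernel only honors `#!` as the first two bytes of the file — and pre-commit's `language: script` executes the file directly, which will fail with an exec-format error rather than fall back to a shell. Move the interpreter line to line 1 and keep the comment below it, and add `set -euo pipefail` so a missing `trivy` binary or a crashed scan fails the hook instead of being ignored. Separately, unless `.lint/trivy/trivy.yaml` sets `exit-code`, Trivy returns 0 even when it reports misconfigurations, so as written the hook never blocks a commit; pass `--exit-code 1` explicitly on the command line so the gate does not depend on a config file nobody reads during review. `trivy config` also expects a target directory argument (the repository root, `.`), which is not given here — confirm it does not error out before scanning anything.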
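Review bot: `types: [yaml, terraform]` on the new trivy-scan hook is conjunctive in pre-commit — every listed type must match the same file — so no file is ever both yaml and terraform and the hook silently never runs. Use `types_or: [yaml, terraform]` to run it when either type is staged. Because the entry script ignores the filenames pre-commit appends and scans from its own working directory, also set `pass_filenames: false` so a long staged-file list is not appended to the `trivy config` invocation, and consider `always_run: true` if the intent is to gate every commit rather than only commits touching those file types.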