diff --git a/.woodpecker.yml b/.woodpecker.yml
index 74c07dc..98ef320 100644
--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -13,12 +13,42 @@ steps:
       dockerfile: Dockerfile
     when:
       - event: [push, tag]
-  scan_image:
-    image: aquasec/trivy
+        
+  scan:
+    image: quay.io/wollud1969/woodpecker-helper:0.5.1
+    environment:
+      TRIVY_TOKEN:
+        from_secret: trivy_token
+      TRIVY_URL:
+        from_secret: trivy_url
+      DTRACK_API_KEY:
+        from_secret: dtrack_api_key
+      DTRACK_API_URL:
+        from_secret: dtrack_api_url
     commands:
-      - TRIVY_DISABLE_VEX_NOTICE=1 trivy image $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA --quiet --exit-code 1
+      - HOME=/home/`id -nu`
+      - TAG="${CI_COMMIT_TAG:-$CI_COMMIT_SHA}"
+      - |
+        trivy image \
+              --server $TRIVY_URL \
+              --token $TRIVY_TOKEN \
+              --format cyclonedx \
+              --scanners license \
+              --output /tmp/sbom.xml \
+              $FORGE_NAME/$CI_REPO:$CI_COMMIT_SHA        
+      - cat /tmp/sbom.xml
+      - |
+        curl -X "POST" \
+             -H "Content-Type: multipart/form-data" \
+             -H "X-Api-Key: $DTRACK_API_KEY" \
+             -F "autoCreate=true" \
+             -F "projectName=$CI_REPO" \
+             -F "projectVersion=$TAG" \
+             -F "bom=@/tmp/sbom.xml"\
+             "$DTRACK_API_URL/api/v1/bom"        
     when:
       - event: [push, tag]
+
   deploy:
     image: quay.io/wollud1969/k8s-admin-helper:0.2.1
     environment: