diff --git a/.github/workflows/security_trivy_prod_image_scan.yml b/.github/workflows/security_trivy_prod_image_scan.yml
new file mode 100644
index 0000000..b34b70a
--- /dev/null
+++ b/.github/workflows/security_trivy_prod_image_scan.yml
@@ -0,0 +1,76 @@
+name: Security trivy dependency check
+
+on:
+  workflow_call:
+    inputs:
+      channel_id:
+        description: 'The slack channel ID to send a message on failure. If this is not provided then no message is sent.'
+        required: false
+        default: 'NO_SLACK'
+        type: string
+      subproject:
+        description: 'For gradle multi module projects, leave blank for single module projects'
+        required: false
+        default: ''
+        type: string
+    secrets:
+      HMPPS_SRE_SLACK_BOT_TOKEN:
+        description: 'Slack bot token'
+        required: false
+
+permissions:
+  contents: read
+
+jobs:
+  get_production_image_details:
+    name: Get production image details from Service Catalogue 
+    runs-on: [self-hosted, hmpps-github-actions-runner]
+    steps:
+      - name: Get Json data from curl 
+        id: json_data
+        run:
+          OUTPUT=$(curl -X GET \
+          -g "https://service-catalogue-dev.hmpps.service.justice.gov.uk/v1/components?populate=environment&filters[name][$contains]=hmpps-developer-portal")
+          echo "::set-output name=receipt_handle::$OUTPUT"
+      - name: Print output 
+        run:
+          echo "id= ${{ steps.request.outputs.id }}"
+          echo "name= ${{ steps.request.outputs.name }}""
+      
+      
+          
+  # security-trivy-check:
+  #   name: Security trivy dependency check
+  #   runs-on: ubuntu-latest
+  #   permissions:
+  #     security-events: write
+  #   steps:
+  #   - uses: actions/checkout@v4
+  #   - name: Trivy Image Vulnerability Scanner
+  #     id: trivy-analyse
+  #     uses: aquasecurity/trivy-action@b5f4977b78f81fa3d48865ff0efcc6e279210235 # v0.50.2
+  #     with:
+  #       image-ref: "quay.io/hmpps/${{ inputs.subproject == '' && github.event.repository.name || inputs.subproject}}:latest"
+  #       severity: 'HIGH,CRITICAL'
+  #       ignore-unfixed: true
+  #       skip-files: /app/agent.jar
+  #       format: 'sarif'
+  #       output: 'trivy-results.sarif'
+  #       exit-code: 1
+  #       limit-severities-for-sarif: true
+  #     continue-on-error: true
+  #   - name: Trivy upload sarif
+  #     id: trivy-upload
+  #     uses: github/codeql-action/upload-sarif@v3
+  #     with:
+  #       sarif_file: 'trivy-results.sarif'
+  #       category: trivy-dependency-check
+  #   - name: Trivy slack notification
+  #     uses: ministryofjustice/hmpps-github-actions/.github/actions/slack_codescan_notification@v1 # WORKFLOW_VERSION
+  #     if: (failure() || steps.trivy-analyse.outcome == 'failure') && inputs.channel_id != 'NO_SLACK'
+  #     with:
+  #       title: "Trivy"
+  #       warningOnly: ${{ steps.trivy-upload.outcome == 'success' }}
+  #       channel_id: ${{ inputs.channel_id}}
+  #       SLACK_BOT_TOKEN: ${{ secrets.HMPPS_SRE_SLACK_BOT_TOKEN }}
+  #       subproject: ${{ inputs.subproject }}