diff --git a/.github/workflows/CI.yaml b/.github/workflows/CI.yaml
index 43014f3..aca4ded 100644
--- a/.github/workflows/CI.yaml
+++ b/.github/workflows/CI.yaml
@@ -35,3 +35,52 @@ jobs:
 with:
 files: ./coverage.txt
 verbose: true
+
+ image-test:
+ name: Check for image build and CVE
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ submodules: true
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v1
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v1
+
+ - name: Cache Docker layers
+ uses: actions/cache@v2
+ with:
+ path: /tmp/.buildx-cache
+ key: ${{ runner.os }}-buildx-${{ github.sha }}
+ restore-keys: |
+ ${{ runner.os }}-buildx-
+
+ - name: Lower case for ghcr
+ id: ghcr_string
+ uses: ASzc/change-string-case-action@v1
+ with:
+ string: ${{ github.event.repository.full_name }}
+
+ - name: Build and load image
+ uses: docker/build-push-action@v2
+ with:
+ context: .
+ load: true
+ tags: |
+ ghcr.io/${{ steps.ghcr_string.outputs.lowercase }}
+
+ cache-from: type=local,src=/tmp/.buildx-cache
+ cache-to: type=local,dest=/tmp/.buildx-cache-new,mode=max
+
+ - name: Scan for possible CVEs
+ uses: aquasecurity/trivy-action@master
+ with:
+ image-ref: ghcr.io/${{ steps.ghcr_string.outputs.lowercase }}
+ format: 'table'
+ exit-code: '1'
+ severity: 'CRITICAL,HIGH'
+ ignore-unfixed: true
\ No newline at end of file
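Review bot: The CVE gate in the last step, `uses: aquasecurity/trivy-action@master`, tracks a moving branch, so the code that decides whether this job passes can change without any commit to this repository; pin it to a release tag, or preferably a full commit SHA with the version noted alongside, e.g. `uses: aquasecurity/trivy-action@<commit-sha>  # <release tag>`. The same pinning discipline is worth applying to the other third-party actions in the job (`ASzc/change-string-case-action@v1` in particular), since they all run with the job's token. Separately, the build step writes its layer cache to `/tmp/.buildx-cache-new` while `actions/cache` saves `/tmp/.buildx-cache`, so the cache saved under the new `github.sha` key never contains the freshly built layers; add a step after the build, `- name: Move cache` with `run: rm -rf /tmp/.buildx-cache && mv /tmp/.buildx-cache-new /tmp/.buildx-cache`. The new job declares no `permissions:` block; unless one is set at workflow level above this hunk, the default token scope applies, and `permissions: contents: read` is the least-privilege setting for a job that only builds and scans.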