diff --git a/kubernetes/apps/kustomization.yaml b/kubernetes/apps/kustomization.yaml
index 8c2e35882..64de80994 100644
--- a/kubernetes/apps/kustomization.yaml
+++ b/kubernetes/apps/kustomization.yaml
@@ -11,4 +11,5 @@ resources:
   - ./monitoring
   - ./networking
   - ./rook-ceph
+  - ./trivy-system
   - ./volsync
diff --git a/kubernetes/apps/trivy-system/kustomization.yaml b/kubernetes/apps/trivy-system/kustomization.yaml
new file mode 100644
index 000000000..908f7ac08
--- /dev/null
+++ b/kubernetes/apps/trivy-system/kustomization.yaml
@@ -0,0 +1,9 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  # Pre Flux-Kustomizations
+  - ./namespace.yaml
+  # Flux-Kustomizations
+  - ./trivy-operator/ks.yaml
diff --git a/kubernetes/apps/trivy-system/namespace.yaml b/kubernetes/apps/trivy-system/namespace.yaml
new file mode 100644
index 000000000..426abe254
--- /dev/null
+++ b/kubernetes/apps/trivy-system/namespace.yaml
@@ -0,0 +1,7 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: trivy-system
+  labels:
+    kustomize.toolkit.fluxcd.io/prune: disabled
diff --git a/kubernetes/apps/trivy-system/trivy-operator/app/helmrelease.yaml b/kubernetes/apps/trivy-system/trivy-operator/app/helmrelease.yaml
new file mode 100644
index 000000000..9d5d6a543
--- /dev/null
+++ b/kubernetes/apps/trivy-system/trivy-operator/app/helmrelease.yaml
@@ -0,0 +1,38 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrelease_v2beta1.json
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: trivy-operator
+  namespace: trivy-system
+spec:
+  interval: 15m
+  chart:
+    spec:
+      chart: trivy-operator
+      version: 0.9.1
+      sourceRef:
+        kind: HelmRepository
+        name: aqua
+        namespace: flux-system
+  maxHistory: 3
+  install:
+    createNamespace: true
+    crds: CreateReplace
+    remediation:
+      retries: 3
+  upgrade:
+    crds: CreateReplace
+    remediation:
+      retries: 3
+  values:
+    excludeNamespaces: "{{ .Release.Namespace }}"
+    operator:
+      replicas: 3
+      scanJobsConcurrentLimit: 3
+      vulnerabilityScannerScanOnlyCurrentRevisions: true
+      configAuditScannerScanOnlyCurrentRevisions: true
+    trivy:
+      ignoreUnfixed: true
+    serviceMonitor:
+      enabled: true
diff --git a/kubernetes/apps/trivy-system/trivy-operator/app/kustomization.yaml b/kubernetes/apps/trivy-system/trivy-operator/app/kustomization.yaml
new file mode 100644
index 000000000..63d5cfc22
--- /dev/null
+++ b/kubernetes/apps/trivy-system/trivy-operator/app/kustomization.yaml
@@ -0,0 +1,7 @@
+---
+# yaml-language-server: $schema=https://json.schemastore.org/kustomization
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: trivy-system
+resources:
+  - ./helmrelease.yaml
diff --git a/kubernetes/apps/trivy-system/trivy-operator/ks.yaml b/kubernetes/apps/trivy-system/trivy-operator/ks.yaml
new file mode 100644
index 000000000..1fd9e269c
--- /dev/null
+++ b/kubernetes/apps/trivy-system/trivy-operator/ks.yaml
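Review bot: `ignoreUnfixed: true` under `values.trivy` in helmrelease.yaml drops every finding that has no vendor fix from the generated VulnerabilityReports, so images whose base OS carries unpatched CVEs will look cleaner than they are; that trade-off deserves a comment next to the key so nobody reads the reports as total exposure. Suggested line above it: `# Hide CVEs with no upstream fix to keep reports actionable; set false when auditing total exposure.` The same goes for `excludeNamespaces: "{{ .Release.Namespace }}"`, which (presumably rendered by the chart via tpl) keeps the operator's own namespace out of scanning scope — a one-line `# Skip scanning the operator's own namespace` records the intent. The `version: 0.9.1` pin and the quoted template value are fine as written.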
@@ -0,0 +1,23 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/kustomization_v1beta2.json
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
+kind: Kustomization
+metadata:
+  name: cluster-apps-trivy-operator
+  namespace: flux-system
+  labels:
+    substitution.flux.home.arpa/enabled: "true"
+spec:
+  path: ./kubernetes/apps/trivy-system/trivy-operator/app
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: home-ops-kubernetes
+  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      name: trivy-operator
+      namespace: trivy-system
+  interval: 30m
+  retryInterval: 1m
+  timeout: 3m
diff --git a/kubernetes/flux/repositories/helm/aqua.yaml b/kubernetes/flux/repositories/helm/aqua.yaml
new file mode 100644
index 000000000..ec96e18a9
--- /dev/null
+++ b/kubernetes/flux/repositories/helm/aqua.yaml
@@ -0,0 +1,10 @@
+---
+# yaml-language-server: $schema=https://kubernetes-schemas.devbu.io/helmrepository_v1beta2.json
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: aqua
+  namespace: flux-system
+spec:
+  interval: 2h
+  url: https://aquasecurity.github.io/helm-charts/
diff --git a/kubernetes/flux/repositories/helm/kustomization.yaml b/kubernetes/flux/repositories/helm/kustomization.yaml
index d2922488c..9faf7ecdc 100644
--- a/kubernetes/flux/repositories/helm/kustomization.yaml
+++ b/kubernetes/flux/repositories/helm/kustomization.yaml
@@ -3,6 +3,7 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
+  - ./aqua.yaml
   - ./backube.yaml
   - ./bitnami.yaml
   - ./bjw-s.yaml