diff --git a/Jenkinsfile b/Jenkinsfile
index 98df856..c34a302 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,56 +1,5 @@
-pipeline {
-  agent { node { label 'podman-aws-trivy' } }
+library identifier: 'zdt-lib@master', retriever: modernSCM(
+  [$class: 'GitSCMSource',
+   remote: 'https://git.zero-downtime.net/ZeroDownTime/ci-tools-lib.git'])
 
-  stages {
-    stage('Prepare'){
-        // get tags
-        steps {
-            sh 'git fetch --tags ${GIT_URL} +refs/heads/${BRANCH_NAME}:refs/remotes/origin/${BRANCH_NAME}'
-        }
-    }
-
-    // Build using rootless podman
-    stage('Build'){
-        steps {
-            sh 'make build'
-        }
-    }
-
-    stage('Test'){
-        steps {
-            sh 'make test'
-        }
-    }
-
-    // Scan via trivy
-    stage('Scan'){
-        environment { 
-            TRIVY_FORMAT = "template"
-            TRIVY_OUTPUT = "reports/trivy.html"
-        }
-        steps {
-            sh 'mkdir -p reports'
-            sh 'make scan'
-            publishHTML target : [
-                allowMissing: true,
-                alwaysLinkToLastBuild: true,
-                keepAll: true,
-                reportDir: 'reports',
-                reportFiles: 'trivy.html',
-                reportName: 'TrivyScan',
-                reportTitles: 'TrivyScan'
-            ]
-
-            // Scan again and fail on CRITICAL vulns
-            sh 'TRIVY_EXIT_CODE=1 TRIVY_SEVERITY=CRITICAL make scan'
-        }
-    }
-
-    // Push to ECR
-    stage('Push'){
-        steps {
-            sh 'make push'
-        }
-    }
-  }
-}
+buildPodman name: 'jenkins-podman'
diff --git a/Makefile b/Makefile
index 0de5792..6eda13a 100644
--- a/Makefile
+++ b/Makefile
@@ -1,34 +1,5 @@
 REGISTRY := public.ecr.aws/zero-downtime
-REPOSITORY := jenkins-podman
+IMAGE := jenkins-podman
 REGION := us-east-1
 
-# Parse version from latest git semver tag
-GTAG=$(shell git describe --tags --match v*.*.* 2>/dev/null || git rev-parse --short HEAD 2>/dev/null)
-TAG ?= $(shell echo $(GTAG) | awk -F '-' '{ print $$1 "-" $$2 }' | sed -e 's/-$$//')
-
-ifeq ($(TRIVY_REMOTE),)
-	TRIVY_OPTS := image
-else
-	TRIVY_OPTS := client --remote ${TRIVY_REMOTE}
-endif
-
-.PHONY: build push scan test
-
-all: build
-
-build:
-	podman build --rm --squash-all -t $(REPOSITORY):$(TAG) -t $(REPOSITORY):latest .
-
-push:
-	aws ecr-public get-login-password --region $(REGION) | podman login --username AWS --password-stdin $(REGISTRY)
-	podman tag $(REPOSITORY):latest $(REGISTRY)/$(REPOSITORY):$(TAG) $(REGISTRY)/$(REPOSITORY):latest
-	podman push $(REGISTRY)/$(REPOSITORY):$(TAG)
-	podman push $(REGISTRY)/$(REPOSITORY):latest
-	# Delete all untagged images
-	# aws ecr-public batch-delete-image --repository-name $(REPOSITORY) --region $(REGION) --image-ids $$(for image in $$(aws ecr-public describe-images --repository-name $(REPOSITORY) --region $(REGION) --output json | jq -r '.imageDetails[] | select(.imageTags | not ).imageDigest'); do echo -n "imageDigest=$$image "; done)
-
-scan:
-	trivy $(TRIVY_OPTS) $(REPOSITORY):$(TAG)
-
-test:
-	@echo "Not implemented (yet)"
+include .ci/podman.mk