diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..a46ea40
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,40 @@
+ARG BASE="latest-alpine-jdk11"
+
+FROM jenkins/inbound-agent:${BASE}
+
+USER root
+RUN echo "http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
+    && apk upgrade -U -a \
+    && apk --no-cache add \
+    make \
+    fuse-overlayfs \
+    podman \
+    buildah \
+    aws-cli \
+    trivy
+
+# Podman tweaks
+ADD conf/containers.conf conf/registries.conf conf/storage.conf /etc/containers/
+ADD --chown=jenkins:jenkins conf/podman-containers.conf /home/jenkins/.config/containers/containers.conf
+
+RUN mkdir -p /var/lib/shared/overlay-images /var/lib/shared/overlay-layers \
+             /var/lib/shared/vfs-images /var/lib/shared/vfs-layers && \
+    touch /var/lib/shared/overlay-images/images.lock /var/lib/shared/overlay-layers/layers.lock \
+          /var/lib/shared/vfs-images/images.lock /var/lib/shared/vfs-layers/layers.lock
+
+# Trivy html template
+ADD --chown=jenkins:jenkins html.tpl /home/jenkins/
+
+# Make docker in Jenkinsfiles work
+RUN ln -s /usr/bin/podman /usr/bin/docker
+
+# Rootless podman
+RUN echo jenkins:100000:65536 > /etc/subuid \
+ && echo jenkins:100000:65536 > /etc/subgid
+
+ENV BUILDAH_ISOLATION=rootless
+
+# Allow container layers to be stored in PVCs
+VOLUME /home/jenkins/.local/share/containers
+
+USER jenkins
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..92a547d
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,25 @@
+VERSION ?= 0.1.0
+BASE ?= latest-alpine-jdk11
+REGISTRY := public.ecr.aws/zero-downtime
+REPOSITORY := jenkins-podman
+TAG := $(REPOSITORY):v$(VERSION)
+
+.PHONY: build push clean
+
+all: build
+
+build:
+	podman build --rm --squash-all --build-arg BASE=$(BASE) -t $(TAG) .
+
+push:
+	aws ecr-public get-login-password --region us-east-1 | podman login --username AWS --password-stdin $(REGISTRY)
+	podman tag $(TAG) $(REGISTRY)/$(TAG)
+	podman push $(REGISTRY)/$(TAG)
+
+clean:
+	podman rmi -f $(TAG)
+
+scan:
+	podman save $(TAG) -o image.tar
+	trivy image --input image.tar --format template --template @./html.tpl -o report.html
+	rm -f image.tar
diff --git a/README.md b/README.md
index 788b292..9fc696c 100644
--- a/README.md
+++ b/README.md
@@ -1,3 +1,8 @@
-# jenkins-agent
+# jenkins-podman
+Public Repo: https://gallery.ecr.aws/zero-downtime/jenkins-podman
 
-Custom Jenkins agent incl. rootless podman / buildah.
\ No newline at end of file
+# Resources
+- https://github.com/containers/podman/blob/main/docs/tutorials/rootless_tutorial.md
+- https://github.com/jenkinsci/docker-agent/blob/master/11/alpine/Dockerfile
+- https://github.com/jenkinsci/docker-inbound-agent/tree/master/11/alpine
+- https://github.com/aquasecurity/trivy
diff --git a/conf/containers.conf b/conf/containers.conf
new file mode 100644
index 0000000..220c1f8
--- /dev/null
+++ b/conf/containers.conf
@@ -0,0 +1,12 @@
+[containers]
+netns="host"
+userns="host"
+ipcns="host"
+utsns="host"
+cgroupns="host"
+cgroups="disabled"
+log_driver = "k8s-file"
+[engine]
+cgroup_manager = "cgroupfs"
+events_logger="file"
+runtime="crun"
diff --git a/conf/podman-containers.conf b/conf/podman-containers.conf
new file mode 100644
index 0000000..503cca3
--- /dev/null
+++ b/conf/podman-containers.conf
@@ -0,0 +1,4 @@
+[containers]
+volumes = [
+	"/proc:/proc",
+]
diff --git a/conf/registries.conf b/conf/registries.conf
new file mode 100644
index 0000000..004ec42
--- /dev/null
+++ b/conf/registries.conf
@@ -0,0 +1,2 @@
+# Note that changing the order here may break lazy devs Dockerfile
+unqualified-search-registries = [ "gcr.io", "quay.io", "docker.io", "registry.fedoraproject.org"]
diff --git a/conf/storage.conf b/conf/storage.conf
new file mode 100644
index 0000000..633dfc4
--- /dev/null
+++ b/conf/storage.conf
@@ -0,0 +1,14 @@
+[storage]
+driver = "overlay"
+runroot = "/run/containers/storage"
+graphroot = "/var/lib/containers/storage"
+
+[storage.options]
+additionalimagestores = [
+"/var/lib/shared",
+]
+
+[storage.options.overlay]
+mount_program = "/usr/bin/fuse-overlayfs"
+mountopt = "nodev,fsync=0"
+[storage.options.thinpool]
diff --git a/html.tpl b/html.tpl
new file mode 100644
index 0000000..08d240e
--- /dev/null
+++ b/html.tpl
@@ -0,0 +1,148 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+{{- if . }}
+    <style>
+      * {
+        font-family: Arial, Helvetica, sans-serif;
+      }
+      h1 {
+        text-align: center;
+      }
+      .group-header th {
+        font-size: 200%;
+      }
+      .sub-header th {
+        font-size: 150%;
+      }
+      table, th, td {
+        border: 1px solid black;
+        border-collapse: collapse;
+        white-space: nowrap;
+        padding: .3em;
+      }
+      table {
+        margin: 0 auto;
+      }
+      .severity {
+        text-align: center;
+        font-weight: bold;
+        color: #fafafa;
+      }
+      .severity-LOW .severity { background-color: #5fbb31; }
+      .severity-MEDIUM .severity { background-color: #e9c600; }
+      .severity-HIGH .severity { background-color: #ff8800; }
+      .severity-CRITICAL .severity { background-color: #e40000; }
+      .severity-UNKNOWN .severity { background-color: #747474; }
+      .severity-LOW { background-color: #5fbb3160; }
+      .severity-MEDIUM { background-color: #e9c60060; }
+      .severity-HIGH { background-color: #ff880060; }
+      .severity-CRITICAL { background-color: #e4000060; }
+      .severity-UNKNOWN { background-color: #74747460; }
+      table tr td:first-of-type {
+        font-weight: bold;
+      }
+      .links a,
+      .links[data-more-links=on] a {
+        display: block;
+      }
+      .links[data-more-links=off] a:nth-of-type(1n+5) {
+        display: none;
+      }
+      a.toggle-more-links { cursor: pointer; }
+    </style>
+    <title>{{- escapeXML ( index . 0 ).Target }} - Trivy Report - {{ getCurrentTime }}</title>
+    <script>
+      window.onload = function() {
+        document.querySelectorAll('td.links').forEach(function(linkCell) {
+          var links = [].concat.apply([], linkCell.querySelectorAll('a'));
+          [].sort.apply(links, function(a, b) {
+            return a.href > b.href ? 1 : -1;
+          });
+          links.forEach(function(link, idx) {
+            if (links.length > 3 && 3 === idx) {
+              var toggleLink = document.createElement('a');
+              toggleLink.innerText = "Toggle more links";
+              toggleLink.href = "#toggleMore";
+              toggleLink.setAttribute("class", "toggle-more-links");
+              linkCell.appendChild(toggleLink);
+            }
+            linkCell.appendChild(link);
+          });
+        });
+        document.querySelectorAll('a.toggle-more-links').forEach(function(toggleLink) {
+          toggleLink.onclick = function() {
+            var expanded = toggleLink.parentElement.getAttribute("data-more-links");
+            toggleLink.parentElement.setAttribute("data-more-links", "on" === expanded ? "off" : "on");
+            return false;
+          };
+        });
+      };
+    </script>
+  </head>
+  <body>
+    <h1>{{- escapeXML ( index . 0 ).Target }} - Trivy Report - {{ getCurrentTime }}</h1>
+    <table>
+    {{- range . }}
+      <tr class="group-header"><th colspan="6">{{ escapeXML .Type }}</th></tr>
+      {{- if (eq (len .Vulnerabilities) 0) }}
+      <tr><th colspan="6">No Vulnerabilities found</th></tr>
+      {{- else }}
+      <tr class="sub-header">
+        <th>Package</th>
+        <th>Vulnerability ID</th>
+        <th>Severity</th>
+        <th>Installed Version</th>
+        <th>Fixed Version</th>
+        <th>Links</th>
+      </tr>
+        {{- range .Vulnerabilities }}
+      <tr class="severity-{{ escapeXML .Vulnerability.Severity }}">
+        <td class="pkg-name">{{ escapeXML .PkgName }}</td>
+        <td>{{ escapeXML .VulnerabilityID }}</td>
+        <td class="severity">{{ escapeXML .Vulnerability.Severity }}</td>
+        <td class="pkg-version">{{ escapeXML .InstalledVersion }}</td>
+        <td>{{ escapeXML .FixedVersion }}</td>
+        <td class="links" data-more-links="off">
+          {{- range .Vulnerability.References }}
+          <a href={{ escapeXML . | printf "%q" }}>{{ escapeXML . }}</a>
+          {{- end }}
+        </td>
+      </tr>
+        {{- end }}
+      {{- end }}
+      {{- if (eq (len .Misconfigurations ) 0) }}
+      <tr><th colspan="6">No Misconfigurations found</th></tr>
+      {{- else }}
+      <tr class="sub-header">
+        <th>Type</th>
+        <th>Misconf ID</th>
+        <th>Check</th>
+        <th>Severity</th>
+        <th>Message</th>
+      </tr>
+        {{- range .Misconfigurations }}
+      <tr class="severity-{{ escapeXML .Severity }}">
+        <td class="misconf-type">{{ escapeXML .Type }}</td>
+        <td>{{ escapeXML .ID }}</td>
+        <td class="misconf-check">{{ escapeXML .Title }}</td>
+        <td class="severity">{{ escapeXML .Severity }}</td>
+        <td class="link" data-more-links="off"  style="white-space:normal;"">
+          {{ escapeXML .Message }}
+          <br>
+            <a href={{ escapeXML .PrimaryURL | printf "%q" }}>{{ escapeXML .PrimaryURL }}</a>
+          </br>
+        </td>
+      </tr>
+        {{- end }}
+      {{- end }}
+    {{- end }}
+    </table>
+{{- else }}
+  </head>
+  <body>
+    <h1>Trivy Returned Empty Report</h1>
+{{- end }}
+  </body>
+</html>