diff --git a/.tekton/analytics-for-spotify-push.yaml b/.tekton/analytics-for-spotify-push.yaml
index 82516c0..0639035 100644
--- a/.tekton/analytics-for-spotify-push.yaml
+++ b/.tekton/analytics-for-spotify-push.yaml
@@ -108,9 +108,6 @@ spec:
         params:
           - name: IMAGE
             value: $(params.IMAGE)
-        workspaces:
-          - name: data
-            workspace: data
 
   serviceAccountName: pipeline
   workspaces:
diff --git a/.tekton/base-image.yaml b/.tekton/base-image.yaml
index 9b5a390..aefa7c4 100644
--- a/.tekton/base-image.yaml
+++ b/.tekton/base-image.yaml
@@ -11,6 +11,7 @@ metadata:
     pipelinesascode.tekton.dev/target-namespace: "analytics-for-spotify"
     pipelinesascode.tekton.dev/task-1: "https://raw.githubusercontent.com/ArthurVardevanyan/HomeLab/main/tekton/tasks/git-clone/0.9.1/git-clone.yaml"
     pipelinesascode.tekton.dev/task-2: "https://raw.githubusercontent.com/ArthurVardevanyan/HomeLab/main/tekton/tasks/buildah/0.7.1/buildah.yaml"
+    pipelinesascode.tekton.dev/task-3: "https://raw.githubusercontent.com/ArthurVardevanyan/HomeLab/main/tekton/base/clair-action/clair-action-task.yaml"
 spec:
   params:
     - name: git-url
@@ -35,6 +36,11 @@ spec:
         type: string
         default: ./Dockerfile
 
+    results:
+      - description: The common vulnerabilities and exposures (CVE) result
+        name: SCAN_OUTPUT
+        value: $(tasks.clair-action.results.SCAN_OUTPUT)
+
     workspaces:
       - name: data
       - name: git_auth_secret
@@ -70,6 +76,16 @@ spec:
           - name: source
             workspace: data
 
+      - name: clair-action
+        runAfter:
+          - buildah
+        taskRef:
+          name: clair-action
+          kind: Task
+        params:
+          - name: IMAGE
+            value: $(params.IMAGE)
+
   serviceAccountName: pipeline
   workspaces:
     - name: data
@@ -84,7 +100,7 @@ spec:
           resources:
             requests:
               storage: "100Mi"
-          storageClassName: rook-ceph-block
+          storageClassName: rook-ceph-block-ci
     - name: git_auth_secret
       secret:
         secretName: "{{ git_auth_secret }}"
diff --git a/container/containerfile b/container/containerfile
index 22a9dd7..7d61213 100644
--- a/container/containerfile
+++ b/container/containerfile
@@ -1,4 +1,4 @@
-FROM debian:sid-slim@sha256:2eac978892d960f967fdad9a5387eb0bf5addfa3fab7f6fa09a00e0adff7975d
+FROM debian:sid-20241202-slim@sha256:2eac978892d960f967fdad9a5387eb0bf5addfa3fab7f6fa09a00e0adff7975d
 
 RUN echo "deb http://deb.debian.org/debian/ sid main" >>  /etc/apt/sources.list && \
   echo "deb-src http://deb.debian.org/debian/ sid main" >>  /etc/apt/sources.list && \