diff --git a/.github/wiki/Testing.md b/.github/wiki/Testing.md
index 77843ffa..50ed7a1d 100644
--- a/.github/wiki/Testing.md
+++ b/.github/wiki/Testing.md
@@ -11,4 +11,3 @@ npm run lint // to check linting
 
 npm run lint:fix // to fix linting
 ```
-
diff --git a/.github/wiki/Trivy-local-running.md b/.github/wiki/Trivy-local-running.md
new file mode 100644
index 00000000..c4df97d5
--- /dev/null
+++ b/.github/wiki/Trivy-local-running.md
@@ -0,0 +1,12 @@
+This project is using Trivy as a vulnerability scanner to replace the role of `tfsec` with some extra benefits:
+1. Access to more languages and features in the same tool.
+2. Access to more integrations with tools and services through the rich ecosystem around Trivy.
+3. Commercially supported by Aqua as well as by a the passionate Trivy community. tfsec will continue to remain available for the time being, although our engineering attention will be directed at Trivy going forward.
+
+## Trivy Local Scan
+```bash
+# Project root directory
+trivy config .
+```
+
+For more information, please refer to the [Trivy documentation](https://github.com/aquasecurity/trivy)
diff --git a/.github/wiki/_Sidebar.md b/.github/wiki/_Sidebar.md
index e3639f8a..59692145 100644
--- a/.github/wiki/_Sidebar.md
+++ b/.github/wiki/_Sidebar.md
@@ -15,3 +15,4 @@
 - [[Testing]]
 - [[Modify the Infrastructure Diagram | Modify infra diagram]]
 - [[Publishing]]
+- [[Trivy Local Running]]
diff --git a/src/generators/terraform/index.test.ts b/src/generators/terraform/index.test.ts
index f01ea120..1e171435 100644
--- a/src/generators/terraform/index.test.ts
+++ b/src/generators/terraform/index.test.ts
@@ -26,6 +26,7 @@ describe('Core codebase', () => {
       const expectedFiles = [
         '.gitignore',
         '.tool-versions',
+        'trivy.yaml',
         'core/main.tf',
         'core/outputs.tf',
         'core/variables.tf',
diff --git a/templates/addons/aws/modules/iam_groups/main.tf b/templates/addons/aws/modules/iam_groups/main.tf
index d7732889..126b7b7d 100644
--- a/templates/addons/aws/modules/iam_groups/main.tf
+++ b/templates/addons/aws/modules/iam_groups/main.tf
@@ -18,6 +18,7 @@ resource "aws_iam_group_policy_attachment" "admin_access" {
   policy_arn = data.aws_iam_policy.admin_access.arn
 }
 
+# Policy from https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_examples_aws_my-sec-creds-self-manage.html
 # trivy:ignore:AVD-AWS-0057
 resource "aws_iam_group_policy" "developer_allow_manage_own_credentials" {
   group  = aws_iam_group.developer.name
diff --git a/templates/terraform/gitignore b/templates/terraform/gitignore
index 13970b99..fb3a5c97 100644
--- a/templates/terraform/gitignore
+++ b/templates/terraform/gitignore
@@ -42,3 +42,6 @@ terraform.rc
 
 # Emacs
 .dir-locals.el
+
+# Trivy
+trivy-output.json
diff --git a/templates/terraform/trivy.yaml b/templates/terraform/trivy.yaml
new file mode 100644
index 00000000..41831c0d
--- /dev/null
+++ b/templates/terraform/trivy.yaml
@@ -0,0 +1,28 @@
+timeout: 10m
+format: json
+dependency-tree: true
+list-all-pkgs: true
+exit-code: 1
+output: trivy-output.json
+# All severity levels
+severity:
+  - UNKNOWN
+  - LOW
+  - MEDIUM
+  - HIGH
+  - CRITICAL
+scan:
+  skip-dirs:
+    - .github/
+    - core/.terraform/
+    - shared/.terraform/
+
+  scanners:
+    - vuln
+    - secret
+
+vulnerability:
+  type:
+    - os
+    - library
+  ignore-unfixed: true