diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index e170d95e0..ee6b6c0c5 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -10,18 +10,10 @@ jobs:
     steps:
     - name: Checkout code
       uses: actions/checkout@v2
-
     - name: Build an image from Dockerfile
       run: |
         make build.docker
-
-    - uses: cachix/install-nix-action@v13
-      with:
-        nix_path: nixpkgs=channel:nixos-unstable
-    - uses: workflow/nix-shell-action@v1
-      with:
-        packages: trivy
-        script: |
-          make build.docker
-          ./scripts/run-trivy.sh
+    - name: Run trivy
+      run: |
+        ./scripts/run-trivy.sh
diff --git a/scripts/run-trivy.sh b/scripts/run-trivy.sh
index 8fdcc791e..ddf238edb 100755
--- a/scripts/run-trivy.sh
+++ b/scripts/run-trivy.sh
@@ -1,3 +1,11 @@
 #! /bin/bash
+set -e
 
-trivy image --exit-code 1 us.gcr.io/k8s-artifacts-prod/external-dns/external-dns:$(git describe --tags --always --dirty)
+# install trivy
+curl -LO https://github.com/aquasecurity/trivy/releases/download/v0.20.2/trivy_0.20.2_Linux-64bit.tar.gz
+echo "38a6de48e21a34e0fa0d2cf63439c0afcbbae0e78fb3feada7a84a9cf6e7f60c trivy_0.20.2_Linux-64bit.tar.gz" | sha256sum -c
+tar -xvf trivy_0.20.2_Linux-64bit.tar.gz
+chmod +x trivy
+
+# run trivy
+./trivy image --exit-code 1 us.gcr.io/k8s-artifacts-prod/external-dns/external-dns:$(git describe --tags --always --dirty)
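Review bot: The new `Run trivy` step runs against a checkout produced by `actions/checkout@v2` with its defaults, which fetch a single commit and no tags, so the script's `git describe --tags --always --dirty` will usually fall back to the short SHA rather than a release tag; if `make build.docker` derives its image tag the same way this is harmless, otherwise the scan targets a tag that was never built. Add `with:` / `fetch-depth: 0` to the checkout step (or confirm the Makefile's tag logic matches) so the two agree. The two Nix actions are gone, but the remaining `actions/checkout@v2` is still a mutable tag; pinning it to a commit SHA (`uses: actions/checkout@<sha> # v2.x`) is the usual supply-chain hardening for a workflow whose whole purpose is security scanning.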
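Review bot: `tar -xvf` unpacks the entire release archive into the repository root before `git describe --tags --always --dirty` runs on the last line; any top-level file in the archive that collides with a tracked file (the trivy release tarballs ship a README.md and LICENSE next to the binary — worth confirming for v0.20.2) modifies the checkout, `--dirty` appends `-dirty`, and the scan then targets a tag that `make build.docker` never produced. Resolve the tag first and extract only the `trivy` member into a `mktemp -d` scratch directory that is cleaned up on exit. While here, `curl -LO` without `-f` saves an HTTP error page with exit status 0 (the checksum line would still catch it, but with a misleading "FAILED" rather than the real cause), and `set -e` should become `set -euo pipefail`; the checksum pin itself is the right call and should stay. Sketch of the rewritten script:

```shell
#! /bin/bash
set -euo pipefail

# Resolve the tag before anything touches the working tree, so --dirty
# reflects the checkout rather than files extracted from the archive.
TAG=$(git describe --tags --always --dirty)

TRIVY_VERSION=0.20.2
TRIVY_SHA256=38a6de48e21a34e0fa0d2cf63439c0afcbbae0e78fb3feada7a84a9cf6e7f60c
WORKDIR=$(mktemp -d)
trap 'rm -rf "$WORKDIR"' EXIT

# install trivy into a scratch dir; -f makes curl fail on HTTP errors
# instead of saving the error page, --proto/--tlsv1.2 refuse downgrades
curl -fsSL --proto '=https' --tlsv1.2 -o "$WORKDIR/trivy.tar.gz" \
  "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.tar.gz"
echo "${TRIVY_SHA256}  $WORKDIR/trivy.tar.gz" | sha256sum -c
tar -xzf "$WORKDIR/trivy.tar.gz" -C "$WORKDIR" trivy

# run trivy
"$WORKDIR/trivy" image --exit-code 1 "us.gcr.io/k8s-artifacts-prod/external-dns/external-dns:${TAG}"
```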