diff --git a/.github/workflows/cleanup-untagged-images.yml b/.github/workflows/cleanup-untagged-images.yml
new file mode 100644
index 0000000..37dd0be
--- /dev/null
+++ b/.github/workflows/cleanup-untagged-images.yml
@@ -0,0 +1,20 @@
+name: Cleanup untagged images
+
+on:
+  schedule:
+    - cron: "0 0 * * *"
+
+jobs:
+  clean:
+    name: Delete untagged images
+    runs-on: ubuntu-latest
+    permissions:
+      packages: write
+    steps:
+      - uses: snok/container-retention-policy@4f22ef80902ad409ed55a99dc5133cc1250a0d03 # v3.0.0
+        with:
+          account: ${{ github.repository_owner }}
+          token: ${{ secrets.GITHUB_TOKEN }}
+          image-names: ${{ github.event.repository.name }}
+          tag-selection: "untagged"
+          cut-off: "1d"
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
index b07ed96..f055a69 100644
--- a/.github/workflows/pr.yml
+++ b/.github/workflows/pr.yml
@@ -6,7 +6,7 @@ on:
 
 jobs:
   run_tests:
-    uses: epam/ai-dial-ci/.github/workflows/python_docker_pr.yml@1.8.0
+    uses: epam/ai-dial-ci/.github/workflows/python_docker_pr.yml@1.9.4
     secrets: inherit
     with:
-      python_version: "3.10"
\ No newline at end of file
+      python_version: "3.10"
diff --git a/trivy.yaml b/trivy.yaml
new file mode 100644
index 0000000..f595cea
--- /dev/null
+++ b/trivy.yaml
@@ -0,0 +1,13 @@
+# Trivy configuration file
+# https://aquasecurity.github.io/trivy/latest/docs/references/configuration/config-file/
+# Can be deleted after public ecr mirror will be added by default
+db:
+  no-progress: true
+  repository:
+    - ghcr.io/aquasecurity/trivy-db:2
+    - public.ecr.aws/aquasecurity/trivy-db:2
+  java-repository:
+    - ghcr.io/aquasecurity/trivy-java-db:1
+    - public.ecr.aws/aquasecurity/trivy-java-db:1
+misconfiguration:
+  checks-bundle-repository: public.ecr.aws/aquasecurity/trivy-checks