diff --git a/Makefile b/Makefile
index eea00f842ff2a4a663b0c1d87e550382513edc37..4c20545e51887d4a43df5c4a4f80f71d614a9a97 100644
--- a/Makefile
+++ b/Makefile
@@ -20,7 +20,7 @@ BUILD_ARGS := --build-arg VCS_REF=$(GIT_COMMIT)
 .PHONY: all clean test $(DOCKERFILES) static-code-analysis mobile delete_dangling_images security publish
-all: php-lint php-unit-test magento2 mobile static-code-analysis
+all: php-lint php-unit-test magento2 mobile static-code-analysis detect-secrets
 # Image Groups
 ####################
@@ -97,6 +97,13 @@ $(DOCKERFILES):
 	@docker run --rm -i nimmis/label-inspector lint < $(@D)/Dockerfile
 	@docker run --rm -i nimmis/label-inspector validate < $(@D)/Dockerfile
+
+# detect-secrets
+# ##############
+detect-secrets: detect-secrets/Dockerfile
+	docker build $(BUILD_ARGS) -t ${REPO_ORG}/detect-secrets detect-secrets/
+
+
 #IMAGES_TO_SCAN = $(shell docker images --format '{{.Repository}}:{{.Tag}}' | grep unl-its )
 #security:
 #	@docker login -u ${TENABLE_IO_ACCESS_KEY} -p ${TENABLE_IO_SECRET_KEY} registry.cloud.tenable.com
diff --git a/detect-secrets/Dockerfile b/detect-secrets/Dockerfile
new file mode 100644
index 0000000000000000000000000000000000000000..1c44f638c7fa772279c555dc61891a7aebd7cf88
--- /dev/null
+++ b/detect-secrets/Dockerfile
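Review bot: The new `detect-secrets` target is not declared phony, and the commit creates a directory of exactly that name (`detect-secrets/Dockerfile` lives in it), so Make will compare the directory's mtime against the Dockerfile and is likely to report `detect-secrets` as up to date on a fresh checkout without ever running `docker build`; the `docker build` recipe produces no file named `$@` either. Add it to the `.PHONY` line shown in the first hunk, `.PHONY: all clean test $(DOCKERFILES) static-code-analysis mobile delete_dangling_images security publish detect-secrets`, or, since it is the same build-from-Dockerfile shape as the other images, add it to `$(DOCKERFILES)` so it also goes through the label-inspector lint/validate steps that the `$(DOCKERFILES)` recipe above runs and that this target skips. The `$(DOCKERFILES)` rule whose recipe opens the hunk starts outside it.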
@@ -0,0 +1,26 @@
+FROM python:3.7-alpine
+
+ARG BUILD_DATE
+ARG VCS_REF
+ARG VERSION
+LABEL org.label-schema.build-date=$BUILD_DATE \
+    org.label-schema.name="Detects secrets" \
+    org.label-schema.description="Docker image to detect secrets in a code base" \
+    org.label-schema.vcs-ref=$VCS_REF \
+    org.label-schema.vendor="University of Nebraska - Lincoln" \
+    org.label-schema.version="0.1.0" \
+    org.label-schema.schema-version="1.0" \
+    maintainer="J.R. Barreras <barreras@unl.edu>"
+
+WORKDIR /work
+
+RUN apk update && apk upgrade && \
+    apk add --no-cache git && \
+    pip install detect-secrets
+
+COPY entrypoint.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/entrypoint.sh
+#ENTRYPOINT ["/usr/local/bin/detect-secrets"]
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
+
+CMD ["/usr/local/bin/detect-secrets", "scan"]
diff --git a/detect-secrets/entrypoint.sh b/detect-secrets/entrypoint.sh
new file mode 100644
index 0000000000000000000000000000000000000000..f38dad924b00e1ef216b3735cb3abe58d9a82cf0
--- /dev/null
+++ b/detect-secrets/entrypoint.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+PARAM=${2:-scan}
+/usr/local/bin/detect-secrets ${PARAM}
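Review bot: `pip install detect-secrets` on the RUN line installs whatever version PyPI serves at build time, so two builds of this image can ship different scanner versions and the image cannot be reproduced from the commit; pin it, e.g. `pip install --no-cache-dir detect-secrets==<pinned-version>` (placeholder version), and keep that pin in step with the version label. `ARG VERSION` is declared but `org.label-schema.version` is hard-coded to "0.1.0", so the build arg has no effect; either use `$VERSION` in the label or drop the ARG. `apk update && apk upgrade` leaves the package index in the layer and lets base-image content drift between builds, while the following `apk add --no-cache git` already avoids that, so `apk add --no-cache git` alone is the consistent form. The commented-out `#ENTRYPOINT` line is dead and should be removed. An unprivileged `USER` after the install steps would let the scanner read the mounted `/work` without running as root.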
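Review bot: `PARAM=${2:-scan}` uses only the second argument, which happens to work with the default CMD (`$1` is the binary path, `$2` is `scan`) but breaks as soon as a user overrides CMD with a subcommand: `docker run … audit .secrets.baseline` runs `detect-secrets .secrets.baseline`, and any flags after the subcommand are silently dropped. Since the script exists only to run the binary, forwarding every argument is both simpler and correct: `exec /usr/local/bin/detect-secrets "$@"` with the Dockerfile's CMD reduced to `["scan"]`; `exec` also makes detect-secrets PID 1 so signals from `docker stop` reach it instead of the shell. If the variable is kept, quote it as `"${PARAM}"` so the shell does not word-split it.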