diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
new file mode 100644
index 00000000..8e55de9c
--- /dev/null
+++ b/.github/workflows/trivy.yaml
@@ -0,0 +1,14 @@
+name: dsp-appsec-trivy
+on: [pull_request]
+
+jobs:
+ appsec-trivy:
+ # Parse Dockerfile and build, scan image if a "blessed" base image is not used
+ name: DSP AppSec Trivy check
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v3
+ - uses: broadinstitute/dsp-appsec-trivy-action@v1
+ with:
+ context: ./orchestration
+ dockerfile: Dockerfile
\ No newline at end of file
diff --git a/orchestration/requirements.txt b/orchestration/requirements.txt
index 4a60b907..17f53d1c 100644
--- a/orchestration/requirements.txt
+++ b/orchestration/requirements.txt
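Review bot: The new workflow sets no `permissions:` key, so the job runs a third-party action with whatever default GITHUB_TOKEN scopes the repository or organisation has configured; add a top-level `permissions:` with `contents: read` and widen it only if the scan step turns out to need more. Both `uses:` lines reference mutable tags (`@v3`, `@v1`), so the code executed in CI can change without any commit in this repository; pinning to a full commit SHA, e.g. `uses: broadinstitute/dsp-appsec-trivy-action@<full-commit-sha>  # v1` (placeholder), makes every update a reviewable change. The file also ends without a trailing newline.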
@@ -23,10 +23,10 @@ dagster==0.12.14
 data-repo-client==1.527.0
 docstring-parser==0.15; python_version >= "3.9" and python_version < "3.10"
 frozenlist==1.4.0; python_version >= "3.9" and python_version < "3.10" and python_full_version >= "3.6.0"
-google-api-core==2.11.1; python_version >= "3.9" and python_version < "3.10" and (python_version >= "3.9" and python_full_version < "3.0.0" and python_version < "3.10" or python_full_version >= "3.6.0" and python_version >= "3.9" and python_version < "3.10") and (python_version >= "3.7" and python_full_version < "3.0.0" or python_full_version >= "3.4.0" and python_version >= "3.7")
+google-api-core==2.12.0; python_version >= "3.9" and python_version < "3.10" and (python_version >= "3.9" and python_full_version < "3.0.0" and python_version < "3.10" or python_full_version >= "3.6.0" and python_version >= "3.9" and python_version < "3.10") and (python_version >= "3.7" and python_full_version < "3.0.0" or python_full_version >= "3.4.0" and python_version >= "3.7")
 google-api-python-client==1.12.11; python_version >= "2.7" and python_full_version < "3.0.0" or python_full_version >= "3.4.0"
 google-auth-httplib2==0.1.1; python_version >= "2.7" and python_full_version < "3.0.0" or python_full_version >= "3.4.0"
-google-auth==2.23.0; python_version >= "3.9" and python_full_version < "3.0.0" and python_version < "3.10" or python_full_version >= "3.6.0" and python_version >= "3.9" and python_version < "3.10"
+google-auth==2.23.2; python_version >= "3.9" and python_full_version < "3.0.0" and python_version < "3.10" or python_full_version >= "3.6.0" and python_version >= "3.9" and python_version < "3.10"
 google-cloud-bigquery==2.34.3; python_version >= "3.6" and python_version < "3.11"
 google-cloud-core==2.3.3; python_version >= "3.9" and python_version < "3.10" and (python_version >= "3.9" and python_full_version < "3.0.0" and python_version < "3.10" or python_full_version >= "3.6.0" and python_version >= "3.9" and python_version < "3.10")
 google-cloud-storage==1.44.0; (python_version >= "2.7" and python_full_version < "3.0.0") or (python_full_version >= "3.6.0")
@@ -39,14 +39,14 @@ graphql-ws==0.3.1
 greenlet==2.0.2; python_version >= "3" and python_full_version < "3.0.0" and (platform_machine == "aarch64" or platform_machine == "ppc64le" or platform_machine == "x86_64" or platform_machine == "amd64" or platform_machine == "AMD64" or platform_machine == "win32" or platform_machine == "WIN32") and (python_version >= "3.9" and python_full_version < "3.0.0" and python_version < "3.10" or python_version >= "3.9" and python_version < "3.10" and python_full_version >= "3.6.0") or python_version >= "3" and (platform_machine == "aarch64" or platform_machine == "ppc64le" or platform_machine == "x86_64" or platform_machine == "amd64" or platform_machine == "AMD64" or platform_machine == "win32" or platform_machine == "WIN32") and (python_version >= "3.9" and python_full_version < "3.0.0" and python_version < "3.10" or python_version >= "3.9" and python_version < "3.10" and python_full_version >= "3.6.0") and python_full_version >= "3.5.0"
 grpcio-health-checking==1.48.2; python_version >= "3.9" and python_version < "3.10"
 grpcio-status==1.48.2; python_version >= "3.9" and python_version < "3.10"
-grpcio==1.58.0; python_version >= "3.9" and python_version < "3.10"
+grpcio==1.59.0; python_version >= "3.9" and python_version < "3.10"
 hca-import-validation==0.0.17; python_version >= "3.6"
 httplib2==0.22.0; python_version >= "2.7" and python_full_version < "3.0.0" or python_full_version >= "3.4.0"
 humanfriendly==10.0; python_version >= "3.9" and python_full_version < "3.0.0" and python_version < "3.10" or python_version >= "3.9" and python_version < "3.10" and python_full_version >= "3.5.0"
 idna==3.4; python_version >= "3.9" and python_version < "3.10" and python_full_version >= "3.6.0"
 jinja2==2.11.3; python_version >= "3.9" and python_full_version < "3.0.0" and python_version < "3.10" or python_version >= "3.9" and python_version < "3.10" and python_full_version >= "3.5.0"
 jsonschema-specifications==2023.7.1; python_version >= "3.8"
-jsonschema==4.19.0; python_version >= "3.8"
+jsonschema==4.19.1; python_version >= "3.8"
 kubernetes==28.1.0; python_version >= "3.6"
 mako==1.2.2; python_version >= "3.7"
 markupsafe==2.0.1; python_version >= "3.6"
@@ -56,13 +56,13 @@ numpy==1.26.0; python_version >= "3.9" and python_version < "3.11"
 oauth2client==4.1.3
 oauthlib==3.2.2; python_version >= "3.6"
 packaging==23.1; python_version >= "3.9" and python_version < "3.10"
-pandas==2.1.0; python_version >= "3.9"
+pandas==2.1.1; python_version >= "3.9"
 pendulum==2.1.2; python_version >= "3.9" and python_full_version < "3.0.0" and python_version < "3.10" or python_version >= "3.9" and python_version < "3.10" and python_full_version >= "3.5.0"
 promise==2.3
 proto-plus==1.22.3; python_version >= "3.9" and python_version < "3.10"
 protobuf==3.20.2; python_version >= "3.7"
 psutil==5.9.5; python_version >= "3.9" and python_full_version < "3.0.0" and python_version < "3.10" and platform_system == "Windows" or python_version >= "3.9" and python_version < "3.10" and platform_system == "Windows" and python_full_version >= "3.4.0"
-psycopg2-binary==2.9.7; python_version >= "3.6"
+psycopg2-binary==2.9.8; python_version >= "3.6"
 pyasn1-modules==0.3.0; python_version >= "3.9" and python_full_version < "3.0.0" and python_version < "3.10" or python_full_version >= "3.6.0" and python_version >= "3.9" and python_version < "3.10"
 pyasn1==0.5.0; python_version >= "3.6" and python_full_version < "3.0.0" and python_version < "4" or python_version >= "3.6" and python_version < "4" and python_full_version >= "3.6.0"
 pyparsing==3.1.1; python_full_version >= "3.6.8" and python_version > "3.0"