diff --git a/.drone.yml b/.drone.yml
index 317ab4221d..9093b95b31 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -36,6 +36,22 @@ steps:
     event:
     - tag
 
+- name: docker-k8s-build
+  image: rancher/build-base:v1.14.2
+  volumes:
+  - name: docker
+    path: /var/run/docker.sock
+  commands:
+  - DRONE_TAG=${DRONE_TAG} BUILD_K8S_IMAGE=true make k8s-image
+  environment:
+    DOCKER_USERNAME:
+      from_secret: docker_username
+    DOCKER_PASSWORD:
+      from_secret: docker_password
+  when:
+    instance:
+    - drone-pr.rancher.io
+
 - name: docker-k8s-publish
   image: rancher/build-base:v1.14.2
   volumes:
diff --git a/scripts/k8s-image b/scripts/k8s-image
index 6a3688c083..baf2fe6600 100755
--- a/scripts/k8s-image
+++ b/scripts/k8s-image
@@ -20,7 +20,7 @@ docker build \
     	-t ${IMAGE_REPO}/kubernetes:${VERSION} .
 
 # scan kubernetes image
-docker run -v /var/run/docker.sock:/var/run/docker.sock --rm -it --name=scan-k8s docker.io/aquasec/trivy:0.10.2 i --severity ${SEVERITIES} \
+docker run -v /var/run/docker.sock:/var/run/docker.sock --rm --name=scan-k8s docker.io/aquasec/trivy:0.10.2 --quiet image --severity ${SEVERITIES} \
   --no-progress \
   --ignore-unfixed \
   ${IMAGE_REPO}/kubernetes:${VERSION}