diff --git a/.github/workflows/image-pr.yaml b/.github/workflows/image-pr.yaml index fe86108bd..642c5602d 100644 --- a/.github/workflows/image-pr.yaml +++ b/.github/workflows/image-pr.yaml @@ -12,9 +12,31 @@ env: FORCE_COLOR: 1 EARTHLY_TOKEN: ${{ secrets.EARTHLY_TOKEN }} jobs: + # Populate the trivy cache once for all later jobs to use + trivy-cache: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4 + with: + fetch-depth: 0 + - name: Install earthly + uses: Luet-lab/luet-install-action@cec77490c3f2416d7d07a47cfab04d448641d7ce # v1.1 + with: + repository: quay.io/kairos/packages + packages: utils/earthly + - name: Restore trivy cache + uses: yogeshlonkar/trivy-cache-action@v0 + with: + gh-token: ${{ secrets.GITHUB_TOKEN }} + - name: Populate trivy Cache + run: | + [ ! -d ".trivy" ] && mkdir -p ".trivy" + earthly +trivy-download-db --DIR .trivy core-ubuntu-22-lts: uses: ./.github/workflows/reusable-build-flavor.yaml secrets: inherit + needs: + - trivy-cache permissions: contents: write security-events: write @@ -42,6 +64,8 @@ jobs: core-ubuntu-24-lts: uses: ./.github/workflows/reusable-build-flavor.yaml secrets: inherit + needs: + - trivy-cache permissions: contents: write security-events: write @@ -69,6 +93,8 @@ jobs: core-alpine: uses: ./.github/workflows/reusable-build-flavor.yaml secrets: inherit + needs: + - trivy-cache permissions: contents: write security-events: write @@ -96,6 +122,8 @@ jobs: standard: uses: ./.github/workflows/reusable-build-provider.yaml secrets: inherit + needs: + - trivy-cache permissions: id-token: write # OIDC support contents: write @@ -128,6 +156,7 @@ jobs: flavor_release: "24.04" secureboot: false needs: + - trivy-cache - core-ubuntu-24-lts install-target: @@ -138,6 +167,7 @@ jobs: flavor_release: "24.04" secureboot: false needs: + - trivy-cache - core-ubuntu-24-lts install-secureboot: 
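Review bot: The `Restore trivy cache` step in the new `trivy-cache` job references `yogeshlonkar/trivy-cache-action@v0` by a mutable tag and passes it `secrets.GITHUB_TOKEN`, whereas the checkout and luet-install steps in the same job are pinned to full commit SHAs. A moved `v0` tag would change the code that receives that token without any change in this repository, so pin it like the others: `uses: yogeshlonkar/trivy-cache-action@<full-commit-sha-of-the-reviewed-v0-release> # v0`. The job also has no `permissions:` block, unlike the build jobs below it, so the token's scope falls back to the workflow or repository default (the top of the file is outside this hunk). An explicit `permissions:` with `contents: read`, plus only what the cache action documents as required, would bound it.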
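Review bot: The added `- trivy-cache` entry in the `@@ -128,6 +156,7 @@` hunk is redundant for ordering: the job already needs `core-ubuntu-24-lts`, which the first hunk makes depend on `trivy-cache`, so it can neither start before the cache job nor run if that job fails. The same holds for every later hunk that adds `trivy-cache` beside a `core-*` entry, through the matrix jobs at the end of the diff. What the change does introduce is a single gate, since a failed vulnerability-DB download now skips every build and test job on the PR. If that is intended, say so on the cache job with a comment such as `# all jobs gate on this; a DB download failure skips the whole PR pipeline`. The job definitions these `needs:` lists belong to begin outside the hunks.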
@@ -148,6 +178,7 @@ jobs: flavor_release: "24.04" secureboot: true needs: + - trivy-cache - core-ubuntu-24-lts install-alpine: @@ -157,6 +188,7 @@ jobs: flavor: alpine flavor_release: "3.19" needs: + - trivy-cache - core-alpine zfs: @@ -166,6 +198,7 @@ jobs: flavor: ubuntu flavor_release: "22.04" needs: + - trivy-cache - core-ubuntu-22-lts acceptance: @@ -175,6 +208,7 @@ jobs: flavor: ubuntu flavor_release: "24.04" needs: + - trivy-cache - core-ubuntu-24-lts acceptance-alpine: @@ -184,6 +218,7 @@ jobs: flavor: alpine flavor_release: "3.19" needs: + - trivy-cache - core-alpine bundles: @@ -193,6 +228,7 @@ jobs: flavor: ubuntu flavor_release: "24.04" needs: + - trivy-cache - core-ubuntu-24-lts reset: @@ -202,6 +238,7 @@ jobs: flavor: ubuntu flavor_release: "24.04" needs: + - trivy-cache - core-ubuntu-24-lts reset-alpine: @@ -211,6 +248,7 @@ jobs: flavor: alpine flavor_release: "3.19" needs: + - trivy-cache - core-alpine netboot: @@ -224,6 +262,7 @@ jobs: model: generic variant: core needs: + - trivy-cache - core-ubuntu-24-lts netboot-alpine: @@ -237,6 +276,7 @@ jobs: model: generic variant: core needs: + - trivy-cache - core-alpine upgrade: @@ -246,6 +286,7 @@ jobs: flavor: ubuntu flavor_release: "24.04" needs: + - trivy-cache - core-ubuntu-24-lts upgrade-alpine: @@ -255,6 +296,7 @@ jobs: flavor: alpine flavor_release: "3.19" needs: + - trivy-cache - core-alpine upgrade-latest: @@ -266,6 +308,7 @@ jobs: family: "ubuntu" # release_matcher: "23.10" # introduced so tests can be green while we wait for the kairos release with the latest flavor release needs: + - trivy-cache - core-ubuntu-24-lts # enable once the first alpine only release is out as it currently cannot find the latest alpine release properly @@ -275,6 +318,7 @@ jobs: # flavor: alpine # flavor_release: "3.19" # needs: + # - trivy-cache # - core-alpine custom-partitioning: 
@@ -299,6 +343,7 @@ jobs: flavor: ${{ matrix.flavor }} flavor_release: ${{ matrix.flavorRelease }} needs: + - trivy-cache - core-ubuntu-24-lts strategy: fail-fast: true @@ -315,6 +360,7 @@ jobs: flavor_release: "24.04" label: ${{ matrix.label }} needs: + - trivy-cache - core-ubuntu-24-lts strategy: fail-fast: true @@ -334,6 +380,7 @@ jobs: flavor_release: "3.19" label: ${{ matrix.label }} needs: + - trivy-cache - core-alpine strategy: fail-fast: true