diff --git a/.cspell.json b/.cspell.json
index 6992dfe681..76a276f2f8 100644
--- a/.cspell.json
+++ b/.cspell.json
@@ -50,6 +50,7 @@
     "dids",
     "Dids",
     "DockerOde",
+    "dokka",
     "ealen",
     "ecparams",
     "embeddable",
@@ -158,6 +159,7 @@
     "thream",
     "tlsca",
     "tlscacerts",
+    "Trivy",
     "txid",
     "txqueue",
     "Uisrs",
@@ -166,6 +168,7 @@
     "Unmarshal",
     "uuidv",
     "vscc",
+    "vuln",
     "wasm",
     "Xdai"
   ],
diff --git a/weaver/core/drivers/corda-driver/README.md b/weaver/core/drivers/corda-driver/README.md
index 0d5e8c3fd4..68d6313dc8 100644
--- a/weaver/core/drivers/corda-driver/README.md
+++ b/weaver/core/drivers/corda-driver/README.md
@@ -148,6 +148,41 @@ The docs are then located in `build/dokka/driver-corda`. Opening `index.html` in your browser will allow you to navigate through the project structure. +## Trivy Security Audit of Dependencies + +> Note you either need to be using the VSCode Dev Container or having installed +> Trivy yourself prior to running these steps. + +[Trivy Documentation & Install Guide](https://github.com/aquasecurity/trivy) + +The following command generates a `pom.xml` file with the same exact dependencies +declared as they are in the build.gradle file. + +The reason why we need this step is because Trivy does not yet support build.gradle +files, only pom.xml files. + +```sh +./gradlew generatePomFileForPublication +``` + +After this step, we now have a pom.xml file, but with the wrong name because +Trivy will only accept these if the file is called exactly `pom.xml` but the +script above will name it as `pom-default.xml` which Trivy ignores, so we rename: + +```sh +mv ./build/publications/maven/pom-default.xml ./build/publications/maven/pom.xml +``` + +Finally, we are ready to point Trivy to the directory where the `pom.xml` file +is located and actually run the scan: + +```sh +trivy fs --scanners=vuln ./build/publications/maven/ +``` + +More information about the Maven Publish Plugin can be found here: +https://docs.gradle.org/current/userguide/publishing_maven.html + ## TODO 1. Create an Error class diff --git a/weaver/core/drivers/corda-driver/build.gradle b/weaver/core/drivers/corda-driver/build.gradle index 9309439001..c018789e6b 100644 --- a/weaver/core/drivers/corda-driver/build.gradle +++ b/weaver/core/drivers/corda-driver/build.gradle 
@@ -33,6 +33,18 @@ plugins {
     id "application"
     id "com.google.protobuf" version "0.8.12"
     id 'org.jetbrains.dokka' version '0.10.1'
+    id 'maven-publish'
+}
+
+// Can be used to generate a pom.xml file which in turn can be used to run a
+// trivy security audit of the dependencies to check for vulnerable versions.
+// Check the package README.md file for an example to do it via bash commands.
+publishing {
+    publications {
+        maven(MavenPublication) {
+            from components.java
+        }
+    }
 }
 
 Properties constants = new Properties()
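Review bot: The comment above `publishing {` defers to the README for the command but never names the Gradle task, and because the publication is declared as `maven(MavenPublication)` Gradle derives the task name from it as `generatePomFileForMavenPublication` — the README's `generatePomFileForPublication` does not follow that convention and will not resolve, so the build file should pin the correct invocation: `// Run: ./gradlew generatePomFileForMavenPublication  -> build/publications/maven/pom-default.xml`. A second caveat worth recording next to `from components.java` is that the generated pom carries only the declared api/implementation dependencies at their declared versions; compileOnly and test dependencies, forced versions and conflict-resolution results on the real runtime classpath are not reflected, so the Trivy result audits what is declared rather than what ships (Trivy resolves transitives from the pom over the network, so offline scans are incomplete) — suggest `// NOTE: pom reflects declared deps only; resolved classpath may differ, prefer a dependency lockfile if Trivy's gradle.lockfile support is available`. Finally, applying `maven-publish` also registers `publish`/`publishToMavenLocal`; with no `repositories {}` block here `publish` is a no-op, which is the intended state, so a one-line comment `// intentionally no repositories {}: this publication exists only for local scanning, never for release` would stop a future change from turning a scan helper into an unreviewed release path.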