diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 0000000..0c816a8
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,14 @@
+.env.local
+.env.local.php
+.env.*.local
+config/secrets/prod/prod.decrypt.private.php
+public/bundles/
+var/
+vendor/
+supervisord.log
+supervisord.pid
+.composer/
+.vscode
+composer.phar
+/tools
+/.trivy
diff --git a/.gitignore b/.gitignore
index c80f5c7..725420b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,3 +18,5 @@ composer.phar
 /.npm
 /.local
 /.bash_history
+/tools
+/.trivy
diff --git a/.trivyignore.yaml b/.trivyignore.yaml
new file mode 100644
index 0000000..53c11f2
--- /dev/null
+++ b/.trivyignore.yaml
@@ -0,0 +1,17 @@
+vulnerabilities:
+ - id: CVE-2023-39325
+ paths:
+ - usr/local/bin/gomplate
+ statement: Not concerned
+ - id: CVE-2023-3978
+ paths:
+ - usr/local/bin/gomplate
+ statement: Not concerned
+ - id: CVE-2023-44487
+ paths:
+ - usr/local/bin/gomplate
+ statement: Not concerned
+ - id: GHSA-m425-mq94-257g
+ paths:
+ - usr/local/bin/gomplate
+ statement: Not concerned
\ No newline at end of file
diff --git a/Jenkinsfile b/Jenkinsfile
index 69e458d..4f06e43 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
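Review bot: The four suppressions for usr/local/bin/gomplate carry only the statement `Not concerned`, which records a decision but not the reasoning, and nothing ever forces the exception to be revisited. Record why the finding does not apply in this image in each `statement:` (presumably because gomplate only renders templates at container start and is not exposed as a network service — worth confirming, since as far as I recall CVE-2023-39325, CVE-2023-44487 and GHSA-m425-mq94-257g concern the HTTP/2 server side of Go programs) and add an `expired_at:` date to each entry so a later Trivy run re-raises them once the base image ships a rebuilt gomplate. The file also ends without a trailing newline, which some YAML tooling warns about.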
@@ -4,4 +4,25 @@
 // Utilisation du pipeline partagé pour les applications Symfony de Cadoles
 // Le nom de l'image Docker passée en paramètre vous permet de préciser l'environnement de test
 // de votre application Symfony
-symfonyAppPipeline("ubuntu:22.04")
\ No newline at end of file
+symfonyAppPipeline('ubuntu:22.04', [
+ 'hooks': [
+ // Run docker image build, verification and publication stages
+ 'postSymfonyAppPipeline': {
+ boolean isRelease = ["develop", "staging", "master"].contains(env.BRANCH_NAME)
+ stage('Build and publish hydra-sql standalone image') {
+ container.buildAndPublishImage([
+ 'imageName': 'reg.cadoles.com/cadoles/hydra-sql-standalone',
+ 'dockerfile': './misc/images/hydra-sql-standalone/Dockerfile',
+ 'dryRun': !isRelease
+ ])
+ }
+ stage('Build and publish hydra-sql base image') {
+ container.buildAndPublishImage([
+ 'imageName': 'reg.cadoles.com/cadoles/hydra-sql-base',
+ 'dockerfile': './misc/images/hydra-sql-base/Dockerfile',
+ 'dryRun': !isRelease
+ ])
+ }
+ }
+ ]
+])
diff --git a/Makefile b/Makefile
index eebbcd6..96c5541 100644
--- a/Makefile
+++ b/Makefile
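Review bot: The two `stage` blocks inside `postSymfonyAppPipeline` are identical except for the image name and Dockerfile path, so a third image means copying a third block and the publication policy (`dryRun: !isRelease`) is repeated in each; generating the stages from a list keeps that policy in one place. `isRelease` is also the only gate on pushing to `reg.cadoles.com`, and with `develop` and `staging` in the list every merge to those branches publishes (presumably as `latest`, depending on what `container.buildAndPublishImage` does with `dryRun: false`) — confirm that is intended, and add a one-line comment above the list saying which branches are allowed to publish and why. A plain `for` loop is used below rather than `.each` because closures inside `each` have historically been unreliable under Jenkins CPS.
```groovy
'postSymfonyAppPipeline': {
    boolean isRelease = ["develop", "staging", "master"].contains(env.BRANCH_NAME)
    // One stage per image; both share the Dockerfile layout under misc/images/<name>/
    for (String imageName : ['hydra-sql-standalone', 'hydra-sql-base']) {
        stage("Build and publish ${imageName} image") {
            container.buildAndPublishImage([
                'imageName': "reg.cadoles.com/cadoles/${imageName}",
                'dockerfile': "./misc/images/${imageName}/Dockerfile",
                'dryRun': !isRelease
            ])
        }
    }
}
```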
@@ -1,46 +1,40 @@ -CI_COMPOSE=FIXUID=$(shell id -u) FIXGID=$(shell id -g) docker-compose -f docker-compose.yml -HYDRA_SQL_SHELL_USER ?= www-data: -DOCKER_CMD ?= -DOCKER_IMAGE_NAME ?= login-app-sql_hydra-sql -up: - FIXUID=$(shell id -u) FIXGID=$(shell id -g) docker-compose up --build -down: - docker-compose down -v +IMAGE_REPO ?= reg.cadoles.com/cadoles +IMAGES_DIR := misc/images +IMAGES := $(foreach file, $(wildcard $(IMAGES_DIR)/*), $(basename $(notdir $(file)))) -purge: - docker-compose down -v --remove-orphans --rmi local +TRIVY_ARGS ?= -hydra-sql-shell: - $(CI_COMPOSE) exec \ - -u "$(HYDRA_SQL_SHELL_USER)" \ - hydra-sql \ - /bin/bash +build-image: $(foreach image, $(IMAGES), build-image-$(image)) +build-image-%: + docker build \ + -t "${IMAGE_REPO}/$*:latest" \ + -f ${IMAGES_DIR}/$*/Dockerfile \ + . -APP_LOCALES ?= fr,en -HYDRA_ADMIN_BASE_URL ?= http://hydra:4445 -TRUSTED_PROXIES ?= 127.0.0.1,REMOTE_ADDR,localhost -ISSUER_URL ?= http://localhost:8000 -BASE_URL ?= http://localhost:8080 -DB_USER ?= lasql -DB_PASSWORD ?= lasql -DEFAULT_LOCALE ?= fr -BDD ?= postgres -DSN_REMOTE_DATABASE=mysql:host=mariadb;port=3306;dbname=lasql +scan-image: $(foreach image, $(IMAGES), scan-image-$(image)) -up-mysql: - docker run \ - -it --rm \ - -p 8080:80 \ - -e APP_LOCALES=$(APP_LOCALES) \ - -e HYDRA_ADMIN_BASE_URL=$(HYDRA_ADMIN_BASE_URL) \ - -e TRUSTED_PROXIES=$(TRUSTED_PROXIES) \ - -e ISSUER_URL=$(ISSUER_URL) \ - -e BASE_URL=$(BASE_URL) \ - -e DB_USER=$(DB_USER) \ - -e DB_PASSWORD=$(DB_PASSWORD) \ - -e DEFAULT_LOCALE=$(DEFAULT_LOCALE) \ - -e DSN_REMOTE_DATABASE=$(DSN_REMOTE_DATABASE) \ - $(DOCKER_IMAGE_NAME):latest \ - $(DOCKER_CMD) +scan-image-%: tools/trivy/bin/trivy + mkdir -p .trivy/.cache + tools/trivy/bin/trivy --cache-dir .trivy/.cache --ignorefile .trivyignore.yaml image $(TRIVY_ARGS) $(IMAGE_REPO)/$*:latest + +release-image: $(foreach image, $(IMAGES), release-image-$(image)) + +release-image-%: .mktools + @[ ! 
-z "$(MKT_PROJECT_VERSION)" ] || ( echo "Just downloaded mktools. Please re-run command."; exit 1 )
+ docker tag "${IMAGE_REPO}/$*:latest" "${IMAGE_REPO}/$*:$(MKT_PROJECT_VERSION)"
+ docker tag "${IMAGE_REPO}/$*:latest" "${IMAGE_REPO}/$*:$(MKT_PROJECT_SHORT_VERSION)"
+ docker push "${IMAGE_REPO}/$*:$(MKT_PROJECT_VERSION)"
+ docker push "${IMAGE_REPO}/$*:$(MKT_PROJECT_SHORT_VERSION)"
+ docker push "${IMAGE_REPO}/$*:latest"
+
+tools/trivy/bin/trivy:
+ mkdir -p tools/trivy/bin
+ curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b ./tools/trivy/bin v0.47.0
+
+.mktools:
+ rm -rf .mktools
+ curl -q https://forge.cadoles.com/Cadoles/mktools/raw/branch/master/install.sh | TASKS="version" $(SHELL)
+
+-include .mktools/*.mk
diff --git a/misc/images/hydra-sql-base/Dockerfile b/misc/images/hydra-sql-base/Dockerfile
new file mode 100644
index 0000000..0468c6e
--- /dev/null
+++ b/misc/images/hydra-sql-base/Dockerfile
@@ -0,0 +1,16 @@
+ARG NODE_OPTIONS="--openssl-legacy-provider"
+ARG PHP_PKG_VERSION="8.1.22-r0"
+ARG ADDITIONAL_PACKAGES="bash=5.2.15-r0 \
+ build-base=0.5-r3 \
+ php81-gd=${PHP_PKG_VERSION} \
+ php81-xsl=${PHP_PKG_VERSION} \
+ php81-pdo=${PHP_PKG_VERSION} \
+ php81-pgsql=${PHP_PKG_VERSION} \
+ php81-pdo_pgsql=${PHP_PKG_VERSION} \
+ php81-soap=${PHP_PKG_VERSION} \
+ php81-ldap=${PHP_PKG_VERSION} \
+ php81-pdo_mysql=${PHP_PKG_VERSION} \
+ php81-bcmath=${PHP_PKG_VERSION}"
+
+FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-standalone-2023.11.16-stable.1541.eec311d
+
diff --git a/misc/images/hydra-sql-standalone/Dockerfile b/misc/images/hydra-sql-standalone/Dockerfile
new file mode 100644
index 0000000..0468c6e
--- /dev/null
+++ b/misc/images/hydra-sql-standalone/Dockerfile
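Review bot: Both `tools/trivy/bin/trivy` and `.mktools` bootstrap a tool by piping an installer fetched from a mutable branch (`main`, `master`) straight into a shell, so the integrity of the image scan and of the release path rests on whoever can change those two scripts; the Trivy binary is pinned to v0.47.0 but the script that fetches it is not, and the mktools `curl -q` has no `-f`, so an HTTP error page would be handed to `$(SHELL)`. Download the installer to a file from the same tag the binary is pinned to, check it against a checksum committed in the repository, and only then execute it (sketched below; the `.mktools` target needs the same treatment). Separately, `scan-image-%` can never fail the build: without `--exit-code 1` (optionally with a `--severity` filter) in the default `TRIVY_ARGS`, findings are printed but the job stays green, so the new `.trivyignore.yaml` gates nothing. `build-image`, `scan-image` and `release-image` are commands rather than files and should be declared with `.PHONY: build-image scan-image release-image`; note the `release-image-%` recipe's first line is split across the chunk boundary here.
```make
TRIVY_VERSION ?= v0.47.0
# sha256 of contrib/install.sh at $(TRIVY_VERSION); recompute when bumping the version
TRIVY_INSTALL_SHA256 ?= <sha256-of-install.sh-at-TRIVY_VERSION>

tools/trivy/bin/trivy:
	mkdir -p tools/trivy/bin
	curl -fsSL -o tools/trivy/install.sh "https://raw.githubusercontent.com/aquasecurity/trivy/$(TRIVY_VERSION)/contrib/install.sh"
	echo "$(TRIVY_INSTALL_SHA256)  tools/trivy/install.sh" | sha256sum -c -
	sh tools/trivy/install.sh -b ./tools/trivy/bin $(TRIVY_VERSION)
# … unchanged: .mktools rule (apply the same download / checksum / run split) and -include …
```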
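Review bot: The three `ARG`s precede the only `FROM` and nothing follows it, so `NODE_OPTIONS`, `PHP_PKG_VERSION` and `ADDITIONAL_PACKAGES` go out of scope at the `FROM` line and are never consumed by this Dockerfile itself; they can only take effect if the `reg.cadoles.com/cadoles/symfony` base re-declares them in `ONBUILD ARG` triggers, which is worth confirming and stating in a header comment such as `# These ARGs are consumed by the base image's ONBUILD triggers; ARGs declared before FROM are not visible after it`. `misc/images/hydra-sql-standalone/Dockerfile` in the next hunk is byte-identical (same blob 0468c6e), so the two images differ only by name. If the "base" variant is meant to differ from "standalone", one of the files is missing its content; if not, say so in a comment so the two do not drift silently. Pinning `FROM` to a dated tag is good; adding a `@sha256:` digest would stop a re-pushed tag from changing the base underneath both images.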
@@ -0,0 +1,16 @@
+ARG NODE_OPTIONS="--openssl-legacy-provider"
+ARG PHP_PKG_VERSION="8.1.22-r0"
+ARG ADDITIONAL_PACKAGES="bash=5.2.15-r0 \
+ build-base=0.5-r3 \
+ php81-gd=${PHP_PKG_VERSION} \
+ php81-xsl=${PHP_PKG_VERSION} \
+ php81-pdo=${PHP_PKG_VERSION} \
+ php81-pgsql=${PHP_PKG_VERSION} \
+ php81-pdo_pgsql=${PHP_PKG_VERSION} \
+ php81-soap=${PHP_PKG_VERSION} \
+ php81-ldap=${PHP_PKG_VERSION} \
+ php81-pdo_mysql=${PHP_PKG_VERSION} \
+ php81-bcmath=${PHP_PKG_VERSION}"
+
+FROM reg.cadoles.com/cadoles/symfony:alpine-php-8.1-standalone-2023.11.16-stable.1541.eec311d
+