diff --git a/cesnet-central/playbooks/security-scanner.yaml b/cesnet-central/playbooks/security-scanner.yaml
new file mode 120000
index 0000000000000000000000000000000000000000..186bdc1efb3d1fccced44e30f5935dcd0812d628
--- /dev/null
+++ b/cesnet-central/playbooks/security-scanner.yaml
@@ -0,0 +1 @@
+../../common/playbooks/security-scanner.yaml
\ No newline at end of file
diff --git a/cesnet-central/playbooks/templates/deepfence-agent.yaml.j2 b/cesnet-central/playbooks/templates/deepfence-agent.yaml.j2
new file mode 120000
index 0000000000000000000000000000000000000000..faf39564644356473ab65ab4b1bbb4005906c007
--- /dev/null
+++ b/cesnet-central/playbooks/templates/deepfence-agent.yaml.j2
@@ -0,0 +1 @@
+../../../common/playbooks/templates/deepfence-agent.yaml.j2
\ No newline at end of file
diff --git a/common/playbooks/security-scanner.yaml b/common/playbooks/security-scanner.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..623c9b88f6babab6331b16447e13d26db2ad1fcf
--- /dev/null
+++ b/common/playbooks/security-scanner.yaml
@@ -0,0 +1,46 @@
+---
+# Secrets in "/{{ site_name }}":
+#
+# * deepfence_host (required) - management console host
+# * deepfence_key (required)
+#
+- name: Deepfence ThreadManager Agent Deployment
+  hosts: master
+  become: true
+  vars:
+    namespace: deepfence
+    version: 2.3.0  # app 2.3.0
+  tasks:
+    - name: Configure Helm Repo
+      shell: |-
+        helm repo add deepfence https://deepfence-helm-charts.s3.amazonaws.com/threatmapper
+        helm repo update
+      when: "'deepfence' not in ansible_local.helm_repos | map(attribute='name') | list"
+    - name: Get Secrets From Vault
+      set_fact:
+        secret: "{{ lookup('community.hashi_vault.hashi_vault', [ vault_mount_point,  'site-' + site_name] | join('/'), token_validate=false) }}"
+    - name: Debug Secrets
+      debug:
+        msg: "{{ item.key }} = {{ item.value }}"
+      loop: "{{ secret | dict2items }}"
+    - name: Deepfence ThreadManager Agent Configuration
+      template:
+        src: templates/deepfence-agent.yaml.j2
+        dest: /tmp/deepfence-agent.yaml
+        mode: 0600
+    - name: Deploy/upgrade Deepfence ThreadManager Agent
+      shell: |-
+        helm status --namespace {{ namespace }} deepfence-agent
+        if [ $? -ne 0 ]; then
+            helm install --create-namespace --namespace {{ namespace }} \
+                -f /tmp/deepfence-agent.yaml --version {{ version }} \
+                deepfence-agent deepfence/deepfence-agent
+        else
+            helm upgrade --namespace {{ namespace }} \
+                -f /tmp/deepfence-agent.yaml --version {{ version }}  \
+                deepfence-agent deepfence/deepfence-agent
+        fi
+      environment:
+        KUBECONFIG: /etc/kubernetes/admin.conf
+        PATH: /sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
+      when: true
diff --git a/common/playbooks/templates/deepfence-agent.yaml.j2 b/common/playbooks/templates/deepfence-agent.yaml.j2
new file mode 100644
index 0000000000000000000000000000000000000000..bf13c80180b698b1e6024ef147501fc292370d58
--- /dev/null
+++ b/common/playbooks/templates/deepfence-agent.yaml.j2
@@ -0,0 +1,8 @@
+managementConsoleUrl: "{{ secret['deepfence_host'] | default('') }}"
+deepfenceKey: "{{ secret['deepfence_key'] | default('') }}"
+clusterName: "jupyter-{{ site_name }}"
+mountContainerRuntimeSocket:
+  containerSock: true
+  crioSock: false
+  dockerSock: false
+  podmanSock: false
diff --git a/staging1/deploy.sh b/staging1/deploy.sh
index d509ed3f8ee0f20839400b7b6f99e502270b4bff..2487b4b5ab53920b50e6093c4f14c2fb913b34a6 100755
--- a/staging1/deploy.sh
+++ b/staging1/deploy.sh
@@ -56,3 +56,4 @@ while ansible -m command -a 'kubectl get pods --all-namespaces' master | tail -n
 
 ansible-playbook playbooks/security-assets.yaml
 ansible-playbook playbooks/security-logs.yaml
+ansible-playbook playbooks/security-scanner.yaml
diff --git a/staging1/playbooks/security-scanner.yaml b/staging1/playbooks/security-scanner.yaml
new file mode 120000
index 0000000000000000000000000000000000000000..186bdc1efb3d1fccced44e30f5935dcd0812d628
--- /dev/null
+++ b/staging1/playbooks/security-scanner.yaml
@@ -0,0 +1 @@
+../../common/playbooks/security-scanner.yaml
\ No newline at end of file
diff --git a/staging1/playbooks/templates/deepfence-agent.yaml.j2 b/staging1/playbooks/templates/deepfence-agent.yaml.j2
new file mode 120000
index 0000000000000000000000000000000000000000..faf39564644356473ab65ab4b1bbb4005906c007
--- /dev/null
+++ b/staging1/playbooks/templates/deepfence-agent.yaml.j2
@@ -0,0 +1 @@
+../../../common/playbooks/templates/deepfence-agent.yaml.j2
\ No newline at end of file