diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 766258f..1a60bc3 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -1,7 +1,7 @@
 name: Security scan
 on:
- # Run only on version bump pull requests that modify Dockerfile
- pull_request:
+ # Run only on pushes to version bump pull requests that modify Dockerfile
+ push:
 paths:
 - '**/Dockerfile'
 branches:
@@ -17,12 +17,12 @@ jobs:
 uses: actions/checkout@v4
 - name: Run Trivy in table mode
 # Table output is only useful when running on a pull request or push.
- if: contains(fromJSON('["pull_request"]'), github.event_name)
+ if: contains(fromJSON('["push"]'), github.event_name)
 uses: aquasecurity/trivy-action@0.28.0
 with:
 scan-type: fs
- scan-ref: ./newrelic-php-daemon-docker/${{ github.ref_name }}
- trivy-config: ./newrelic-php-daemon-docker/trivy.yaml
+ scan-ref: ./${{ github.ref_name }}
+ trivy-config: ./trivy.yaml
 format: table
 exit-code: 1
diff --git a/9.22.0/Dockerfile b/9.22.0/Dockerfile
new file mode 100644
index 0000000..82d2b4f
--- /dev/null
+++ b/9.22.0/Dockerfile
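Review bot: The new `push:` trigger applies the `branches:` filter to the branch being pushed and has no notion of a pull request, so the comment `# Run only on pushes to version bump pull requests that modify Dockerfile` overstates what the filter does. A push trigger in this repository also does not fire for pull requests opened from forks, so a Dockerfile change arriving that way would no longer be scanned before merge unless another workflow covers it. I would reword the comment to `# Run on pushes to version-bump branches that modify a Dockerfile` and say in it whether fork PRs are intentionally out of scope. The `branches:` list continues outside the hunk, so which branch names match cannot be checked from here.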
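Review bot: `scan-ref: ./${{ github.ref_name }}` only resolves to a real directory when the pushed branch is named exactly like a version directory (for example `9.22.0`); a push from any other branch that passes the trigger filter hands Trivy a path that does not exist, and whether that fails the job or passes with nothing scanned depends on the action. A comment above the line such as `# Version-bump branches are named after the version directory, so ref_name is the path to scan`, plus a preceding step with `run: test -d "./${GITHUB_REF_NAME}"`, would make the convention explicit and fail closed. With `push` as the only trigger visible in this diff, `if: contains(fromJSON('["push"]'), github.event_name)` is always true and could be `if: github.event_name == 'push'` or dropped, and the comment above it still mentions pull requests. Separately, `aquasecurity/trivy-action@0.28.0` is referenced by tag; pinning third-party actions to a full commit SHA is the usual hardening for a workflow that gates releases. The step's enclosing job starts outside the hunk.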
@@ -0,0 +1,30 @@
+#------------------------------------------------------------------------------
+# Copyright [2019] New Relic Corporation. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+#------------------------------------------------------------------------------
+
+
+FROM alpine:3.13 AS build
+
+ENV NEWRELIC_VERSION 11.3.0.16
+ENV NEWRELIC_NAME newrelic-php5-${NEWRELIC_VERSION}-linux-musl
+ENV NEWRELIC_SHA bebd7cb1137296c78b04816654c02fe330efc937947a00c6d7239f197835c5d1
+
+RUN set -ex; \
+ wget -O /tmp/${NEWRELIC_NAME}.tar.gz https://download.newrelic.com/php_agent/archive/${NEWRELIC_VERSION}/${NEWRELIC_NAME}.tar.gz; \
+ cd /tmp/; \
+ echo "$NEWRELIC_SHA $NEWRELIC_NAME.tar.gz" | sha256sum -c; \
+ tar -xzf ${NEWRELIC_NAME}.tar.gz; \
+ export NR_INSTALL_SILENT=1; \
+ ${NEWRELIC_NAME}/newrelic-install install_daemon
+
+FROM alpine:3.13
+
+COPY --from=build /usr/bin/newrelic-daemon /bin/newrelic-daemon
+
+HEALTHCHECK --interval=5s --timeout=1s --start-period=1s --retries=3 CMD pidof newrelic-daemon || exit 1
+
+EXPOSE 31339
+
+ENTRYPOINT [ "/bin/newrelic-daemon" ]
+CMD ["--foreground", "--logfile", "/proc/self/fd/1", "--port", "31339"]
diff --git a/9.22.0/docker-entrypoint.sh b/9.22.0/docker-entrypoint.sh
new file mode 100644
index 0000000..e460c20
--- /dev/null
+++ b/9.22.0/docker-entrypoint.sh
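Review bot: The directory is `9.22.0`, but the build stage sets `ENV NEWRELIC_VERSION 11.3.0.16` with a matching `NEWRELIC_SHA`, so an image built from this path would ship an 11.x daemon under a 9.22.0 name; if this was copied from a newer directory, the version and the checksum need to change together. Both stages use `FROM alpine:3.13`, a release that no longer receives security fixes, and the tag is not pinned by digest, so the base can change underneath the build and the Trivy gate this commit rewires is likely to report OS-package findings. The final stage has no `USER` line, so the daemon runs as root; adding `RUN adduser -D -H newrelic` and `USER newrelic` before `ENTRYPOINT` would narrow that, assuming the daemon needs no privileged paths at runtime. The checksum verification before `tar -xzf` is worth keeping exactly as it is.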
@@ -0,0 +1,26 @@
+#!/bin/sh
+#------------------------------------------------------------------------------
+# Copyright [2019] New Relic Corporation. All rights reserved.
+# SPDX-License-Identifier: Apache-2.0
+#------------------------------------------------------------------------------
+set -e
+
+defaultArgs=" --logfile /proc/self/fd/1 --watchdog-foreground --address=$(hostname):31339"
+
+case "$1" in
+ -*)
+ #args start with a flag
+ set -- /usr/bin/newrelic-daemon $defaultArgs "$@"
+ ;;
+ '/usr/bin/newrelic-daemon')
+ # Remove the first element from the arguments
+ shift 1
+ set -- /usr/bin/newrelic-daemon $defaultArgs "$@"
+ ;;
+ *)
+ #likely invalid args, but the daemon will handle it with graceful messages.
+ set -- /usr/bin/newrelic-daemon $defaultArgs "$@"
+ ;;
+esac
+
+exec "$@"
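Review bot: Nothing in `9.22.0/Dockerfile` copies this script into the image and its `ENTRYPOINT` is `/bin/newrelic-daemon`, so as committed the script never runs; every branch here also execs `/usr/bin/newrelic-daemon`, a path the final stage does not populate because the binary is copied to `/bin/newrelic-daemon`. Either wire the script in with a `COPY` and an `ENTRYPOINT` change and correct the path, or drop the file so the image has one documented start-up path. The script's defaults (`--watchdog-foreground --address=$(hostname):31339`) also differ from the Dockerfile's `CMD` (`--foreground ... --port 31339`), so the two would start the daemon differently. If the script stays, the three `case` arms reduce to `if [ "$1" = /usr/bin/newrelic-daemon ]; then shift; fi` followed by a single `set -- /usr/bin/newrelic-daemon $defaultArgs "$@"`, with a comment noting that `$defaultArgs` is left unquoted on purpose so it splits into separate arguments.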