diff --git a/.github/workflows/4testing-build.yml b/.github/workflows/4testing-build.yml
index 684f898..9f291ff 100644
--- a/.github/workflows/4testing-build.yml
+++ b/.github/workflows/4testing-build.yml
@@ -101,6 +101,7 @@ jobs:
 password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
 - name: Build 4testing
+ id: build-ds
 run: |
 set -eux
@@ -145,4 +146,29 @@ jobs:
 docker buildx bake -f docker-bake.hcl ${{ matrix.image }} --push
 echo "DONE: Build success"
+
+ ### Set output for Zap scanner
+ ### NOTE: Output will be used only in release/hotfix branches
+
+ echo "version=${TAG}" >> "$GITHUB_OUTPUT"
+ echo "branch=${BRANCH_NAME}" >> "$GITHUB_OUTPUT"
 shell: bash
+
+ # Run scanner only when edition is community
+ # and branch hit release/ or hotfix/
+ - name: Trigger zap manualy
+ if: >-
+ matrix.edition == '' &&
+ (startsWith(steps.build-ds.outputs.branch, 'release/') ||
+ startsWith(steps.build-ds.outputs.branch, 'hotfix/'))
+ env:
+ VERSION: ${{ steps.build-ds.outputs.version }}
+ BRANCH: ${{ steps.build-ds.outputs.branch }}
+ GITHUB_TOKEN: ${{ secrets.TOKEN }}
+ run: |
+ gh workflow run zap-ds.yaml \
+ --repo ${{ github.repository }} \
+ -f branch=${BRANCH} \
+ -f version=${VERSION}
+ shell: bash
+
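Review bot: The new "Trigger zap manualy" step in the second hunk passes `${BRANCH}` and `${VERSION}` to `gh workflow run` unquoted, so a value containing whitespace or glob characters would be split into extra arguments. Routing the values through `env:` instead of interpolating `${{ }}` into the script is the right pattern, and quoting completes it: `-f branch="${BRANCH}" \` and `-f version="${VERSION}"`. The step authenticates with `secrets.TOKEN`, whose type and scope are not visible here; if it is a personal access token, check whether the job's built-in token with `permissions: actions: write` is enough for the dispatch, which would keep a long-lived credential out of this job. `TAG` and `BRANCH_NAME` are assigned outside the hunk, so confirm they cannot carry ref-derived text with unexpected characters before they are written to `$GITHUB_OUTPUT`. The step name also has a typo (`manualy`).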