diff --git a/harbor-scanner-trivy.yaml b/harbor-scanner-trivy.yaml
index a99cb7c085a..a8dcc208098 100644
--- a/harbor-scanner-trivy.yaml
+++ b/harbor-scanner-trivy.yaml
@@ -1,7 +1,7 @@
 package:
   name: harbor-scanner-trivy
   version: "0.34.1"
-  epoch: 1 # CVE-2025-61729
+  epoch: 2 # CVE-2025-61729
   description: Use Trivy as a plug-in vulnerability scanner in the Harbor registry
   copyright:
     - license: Apache-2.0
@@ -29,7 +29,62 @@ pipeline:
       packages: ./cmd/scanner-trivy
       output: scanner-trivy
 
-  - uses: strip
+# we should be following the version matrix in the official repo:
+# https://github.com/goharbor/harbor-scanner-trivy#version-matrix
+subpackages:
+  - name: ${{package.name}}-iamguarded-compat
+    description: "compat package with iamguarded/harbor-adapter-trivy image"
+    dependencies:
+      runtime:
+        - bash
+        - coreutils
+        - findutils
+        - gawk
+        - grep
+        - posix-libc-utils
+        - procps
+        - sed
+        - wolfi-baselayout
+    pipeline:
+      - uses: iamguarded/build-compat
+        with:
+          package: harbor-adapter-trivy
+          version: "2.14"
+      - runs: |
+          mkdir -p /opt/iamguarded/harbor-adapter-trivy/bin
+          chmod g+rwX /opt/iamguarded
+
+          # Create symlink for scanner-trivy binary
+          ln -sf /usr/bin/scanner-trivy /opt/iamguarded/harbor-adapter-trivy/bin/scanner-trivy
+
+          # Disable some commands used in iamguarded scripts. These commands more likely fail in this since this image take non root approach
+          sed -i 's/chown -R "$SCANNER_TRIVY_DAEMON_USER" "$dir"/# chown -R "$SCANNER_TRIVY_DAEMON_USER" "$dir"/g' /opt/iamguarded/scripts/harbor-adapter-trivy/postunpack.sh
+          sed -i 's/ensure_user_exists/# ensure_user_exists/g' /opt/iamguarded/scripts/harbor-adapter-trivy/postunpack.sh
+      - uses: iamguarded/finalize-compat
+        with:
+          package: harbor-adapter-trivy
+          version: "2.14"
+    test:
+      environment:
+        contents:
+          packages:
+            - ${{package.name}}
+            - wait-for-port
+            - wget
+      pipeline:
+        - uses: iamguarded/test-compat
+          with:
+            package: harbor-adapter-trivy
+            version: "2.14"
+        - name: Verify iamguarded symlinks work
+          runs: |
+            # Test scanner-trivy command through symlink - starts server, verify it listens on 8080
+            /opt/iamguarded/harbor-adapter-trivy/bin/scanner-trivy &
+            PID=$!
+            wait-for-port 8080
+            # Verify server is listening on port 8080
+            curl -sfL --retry 3 http://localhost:8080/probe/healthy
+            kill $PID
 
 test:
   pipeline:
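Review bot: The subpackage's "Verify iamguarded symlinks work" step calls `curl`, but its test environment only installs `${{package.name}}`, `wait-for-port` and `wget`, so the health check most likely fails with a command-not-found unless curl arrives transitively; either change the package entry to `- curl` or rewrite the probe with wget. The two `sed -i` edits to postunpack.sh are also unverified: if the upstream script wording changes on a later `harbor-adapter-trivy` version bump they silently match nothing and the `chown`/`ensure_user_exists` calls come back at container start, whereas a `grep -q '# chown -R' /opt/iamguarded/scripts/harbor-adapter-trivy/postunpack.sh` right after the edits would turn that drift into a build failure. Note too that `kill $PID` is only reached when curl succeeds, so a failing probe leaves the scanner process running in the test environment.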