diff --git a/README.md b/README.md index 2b882969..00e62cd8 100644 --- a/README.md +++ b/README.md @@ -175,6 +175,7 @@ Molecule can be used to work on this role and test in distinct _scenarios_. ```bash molecule test -s default molecule converge -s wsl -- --check +molecule verify -s localhost ``` local testing uses: diff --git a/molecule/localhost/converge.yml b/molecule/localhost/converge.yml new file mode 100644 index 00000000..9a78fb97 --- /dev/null +++ b/molecule/localhost/converge.yml @@ -0,0 +1,18 @@ +--- +# This is a playbook to test the tasks. +- name: Converge + hosts: all + become: true + gather_facts: true + + vars: + ansible_user: "{{ lookup('env', 'USER') }}" + role_name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" + rhel8cis_rule_5_3_4: false + + pre_tasks: + tasks: + - name: "Include tasks" + ansible.builtin.include_role: + name: "{{ role_name }}" + diff --git a/molecule/localhost/molecule.yml b/molecule/localhost/molecule.yml new file mode 100644 index 00000000..94547051 --- /dev/null +++ b/molecule/localhost/molecule.yml @@ -0,0 +1,30 @@ +--- +# Molecule configuration +# https://molecule.readthedocs.io/en/latest/ + +driver: + name: delegated + options: + managed: false + ansible_connection_options: + ansible_connection: local +platforms: + - name: localhost + +provisioner: + name: ansible + config_options: + defaults: + interpreter_python: auto_silent + stdout_callback: yaml + callbacks_enabled: profile_tasks, timer + +lint: | + set -e + yamllint . + ansible-lint + flake8 + +verifier: + name: ansible + diff --git a/molecule/localhost/verify.yml b/molecule/localhost/verify.yml new file mode 100644 index 00000000..58afa467 --- /dev/null +++ b/molecule/localhost/verify.yml 
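Review bot: `rhel8cis_rule_5_3_4: false` disables a CIS rule for this scenario with no explanation, and because the play runs the role with `become: true` over a local connection it hardens the developer's own machine rather than a disposable instance; both deserve a comment next to the var, e.g. `# 5.3.4 is skipped on the developer host because <reason> — it is still enforced in the default scenario`. The bare `pre_tasks:` key parses as null; Ansible appears to accept an empty task list, but it reads as a leftover, so either drop it or write `pre_tasks: []`. The `ansible_user` lookup of `$USER` has no effect on a local connection and can be removed unless a task not shown here consumes it.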
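Review bot: The delegated driver with `managed: false` and `ansible_connection: local` means `molecule converge -s localhost` applies a CIS hardening role, as root, to the host that is running Molecule, with no `destroy` step to undo it; that is worth a warning comment at the top of the `driver:` block, e.g. `# WARNING: this scenario targets the real local host - converge will harden this machine`, and the README (which only documents `molecule verify -s localhost`) should carry the same caveat. If I recall correctly the top-level `lint:` key was deprecated and later removed from the molecule.yml schema, with linting expected to run as a separate CI step, so depending on the pinned Molecule version this block may be ignored or rejected; confirm against the version the project uses.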
@@ -0,0 +1,14 @@ +--- +- name: Verify + hosts: all + gather_facts: false + become: true + + vars: + role_name: "{{ lookup('env', 'MOLECULE_PROJECT_DIRECTORY') | basename }}" + + tasks: + - name: "Include verify tasks" + ansible.builtin.include_role: + name: "{{ role_name }}" + tasks_from: verify diff --git a/tasks/verify.yml b/tasks/verify.yml new file mode 100644 index 00000000..bd54f336 --- /dev/null +++ b/tasks/verify.yml @@ -0,0 +1,19 @@ +--- + +- name: Install openscap + ansible.builtin.dnf: + state: present + name: + - openscap-scanner + - scap-security-guide + +- name: Run CIS oscap scan and create /tmp/report.html + ansible.builtin.command: + oscap xccdf eval \ + --report /tmp/report.html + --profile cis + --fetch-remote-resources + /usr/share/xml/scap/ssg/content/ssg-almalinux8-ds.xml + changed_when: true + no_log: false + ignore_errors: true
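Review bot: `gather_facts: false` leaves the tasks included from `tasks/verify.yml` without `ansible_distribution` or `ansible_distribution_major_version`, which is presumably why that file hardcodes the AlmaLinux 8 datastream; if the scenario is meant to run on other EL8 derivatives, set `gather_facts: true` here (or add an `ansible.builtin.setup` task with `gather_subset: ["min"]`) and pick the datastream from the facts. A one-line comment that this play assumes the converge play has already applied the role would also help, since nothing in it asserts that the role ran.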
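Review bot: The value under `ansible.builtin.command:` is a plain multi-line YAML scalar, so the `\` after `oscap xccdf eval` is not a shell continuation but a literal backslash in the folded string; as far as the collapsed diff shows it survived, and shlex-style splitting would then turn `\ --report` into a single token that begins with a space, which oscap rejects as an unknown option. Because the task also sets `ignore_errors: true`, neither that error nor a genuine "rules failed" result (oscap exits 2) ever fails `molecule verify`, so the step cannot catch a hardening regression. Drop the backslash, use a folded scalar, register the result and decide explicitly which exit codes are acceptable; `--fetch-remote-resources` pulls OVAL content from the network on every verify run, so keep it only if the CIS profile actually needs the remote feeds, and writing `/tmp/report.html` as root to a fixed path in a world-writable directory is acceptable on a dev box but should not be copied into a shared runner. `no_log: false` is the module default and can be dropped, and `changed_when: false` describes a read-only scan more honestly than `changed_when: true`.
```yaml
- name: Run CIS oscap scan and create /tmp/report.html
  ansible.builtin.command:
    cmd: >-
      oscap xccdf eval
      --report /tmp/report.html
      --profile cis
      --fetch-remote-resources
      /usr/share/xml/scap/ssg/content/ssg-almalinux8-ds.xml
  register: cis_scan
  changed_when: false
  # oscap exit codes: 0 = all rules passed, 1 = scanner error, 2 = at least one rule failed.
  # A scanner error fails verify; change the list to [0] if failed rules should fail verify too.
  failed_when: cis_scan.rc not in [0, 2]
```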