diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 616a463..6a31102 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -19,3 +19,11 @@ updates: day: "sunday" time: "21:00" timezone: "America/Los_Angeles" + + - package-ecosystem: github-actions + directory: / + schedule: + interval: "weekly" + day: "sunday" + time: "21:00" + timezone: "America/Los_Angeles" diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml new file mode 100644 index 0000000..96d85e6 --- /dev/null +++ b/.pre-commit-config.yaml @@ -0,0 +1,17 @@ +# SPDX-FileCopyrightText: 2025 Intel Corporation +# SPDX-License-Identifier: Apache-2.0 + +repos: +- repo: https://github.com/gitleaks/gitleaks + rev: v8.29.0 + hooks: + - id: gitleaks +- repo: https://github.com/golangci/golangci-lint + rev: v2.6.1 + hooks: + - id: golangci-lint +- repo: https://github.com/pre-commit/pre-commit-hooks + rev: v6.0.0 + hooks: + - id: end-of-file-fixer + - id: trailing-whitespace diff --git a/Dockerfile b/Dockerfile index 5659406..51a5a32 100644 --- a/Dockerfile +++ b/Dockerfile @@ -3,13 +3,13 @@ # SPDX-License-Identifier: Apache-2.0 # -FROM golang:1.25.4-bookworm AS builder +FROM golang:1.25.4-bookworm@sha256:e17419604b6d1f9bc245694425f0ec9b1b53685c80850900a376fb10cb0f70cb AS builder WORKDIR $GOPATH/src/metricfunc COPY . . RUN make all -FROM alpine:3.22 AS metricfunc +FROM alpine:3.22@sha256:4b7ce07002c69e8f3d704a9c5d6fd3053be500b7f1c69fc0d80990c2ad8dd412 AS metricfunc LABEL maintainer="Aether SD-Core " \ description="Aether open source 5G Core Network" \ diff --git a/README.md b/README.md index 34a00b8..99bbbd7 100644 --- a/README.md +++ b/README.md 
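Review bot: The new entry covers only `github-actions`, while the Dockerfile hunk in this same commit pins both base images to sha256 digests, which only stay current if something updates them. Nothing in this hunk adds a `docker` ecosystem entry, so the pinned digests may freeze the images at today's patch level and miss later base-image security fixes. The entries above line 19 are outside the hunk, so a `docker` entry may already exist; if it does not, one mirroring the existing schedule would close the gap.

```yaml
  - package-ecosystem: docker
    directory: /
    schedule:
      interval: "weekly"
      day: "sunday"
      time: "21:00"
      timezone: "America/Los_Angeles"
```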
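Review bot: All three hook repositories are pinned by tag (`rev: v8.29.0`, `rev: v2.6.1`, `rev: v6.0.0`), and a tag can be moved by whoever controls the upstream repository, whereas the Dockerfile change in this commit pins by immutable digest. These hooks run code on every contributor's machine, so the same immutability is worth having here. pre-commit accepts a full commit SHA in `rev`, and `pre-commit autoupdate --freeze` writes it while keeping the tag readable as a trailing comment, in the form `rev: <full-commit-sha>  # frozen: v8.29.0`.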
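Review bot: Both `FROM` lines now carry a tag and a digest, and the image is resolved by the digest alone, so the tag is never checked against it and the two can drift apart on a later manual edit. A one-line comment above each stage would make that explicit, for example `# Tag is informational; the sha256 digest is what gets pulled. Update both together.` If the image is built for more than one architecture, it is also worth confirming that each digest is the multi-arch index digest rather than a single-platform manifest, which cannot be determined from the hunk. The second stage continues past the hunk's last line.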
@@ -4,6 +4,7 @@ SPDX-FileCopyrightText: 2022-present Intel Corporation SPDX-License-Identifier: Apache-2.0 --> [![Go Report Card](https://goreportcard.com/badge/github.com/omec-project/metricfunc)](https://goreportcard.com/report/github.com/omec-project/metricfunc) +[![OpenSSF Scorecard](https://api.scorecard.dev/projects/github.com/omec-project/metricfunc/badge)](https://scorecard.dev/viewer/?uri=github.com/omec-project/metricfunc) # Metric Function @@ -29,9 +30,11 @@ SPDX-License-Identifier: Apache-2.0 5. GetNfServiceStatsAll (/nmetric-func/v1/nfServiceStats/all) - For more details about the Grafana Dashboard, please refer- https://docs.aetherproject.org/master/developer/aiabhw5g.html#enable-monitoring For more details about the Metric-Function, please refer- https://docs.sd-core.opennetworking.org/master/design/design-metricfunc.html +# Reach out to us through + +1. #sdcore-dev channel in [Aether Community Slack](https://aether5g-project.slack.com) diff --git a/docs/SECURITY.md b/docs/SECURITY.md new file mode 100644 index 0000000..f79ab66 --- /dev/null +++ b/docs/SECURITY.md 
@@ -0,0 +1,41 @@
+
+# Security Policy
+
+## Supported Versions
+
+We release patches for security vulnerabilities in the following versions:
+
+| Version | Supported |
+| ------- | ------------------ |
+| 1.x.x | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please:
+
+1. **DO NOT** create a public GitHub issue
+2. Email us at: info@aetherproject.org
+3. Include detailed information about the vulnerability
+4. Allow us reasonable time to address the issue before public disclosure
+
+### What to Include
+
+- Description of the vulnerability
+- Steps to reproduce the issue
+- Potential impact assessment
+- Any proof-of-concept code (if applicable)
+
+## Security Best Practices
+
+When using this project:
+- Keep dependencies up to date
+- Use the latest supported version
+- Follow secure coding practices
+- Regularly audit your implementation
+
+## Contact
+
+Please see [here](https://github.com/omec-project/metricfunc/?tab=readme-ov-file#reach-out-to-us-through)