diff --git a/.github/python-ci.yml b/.github/workflows/python-ci.yml
similarity index 55%
rename from .github/python-ci.yml
rename to .github/workflows/python-ci.yml
index 9a7c99b..18a339b 100644
--- a/.github/python-ci.yml
+++ b/.github/workflows/python-ci.yml
@@ -2,13 +2,24 @@ name: Connector CI on: pull_request: +concurrency: + group: ghas-security-scan-${{ github.ref }} + cancel-in-progress: true + jobs: + infra-scan: + permissions: + contents: read + pull-requests: write + security-events: write + uses: notdodo/github-actions/.github/workflows/infra-security-scan.yml@infra-scan-v0 + python-ci-pulumi: permissions: contents: read uses: notdodo/github-actions/.github/workflows/python-ci.yml@python-ci-v0 with: - working-directory: "." + working-directory: '.' build-docker-image: permissions:
@@ -21,4 +32,9 @@ jobs: with: image: digintlab/opencti-connector platforms: linux/amd64, linux/amd64 + egress-policy-allowlist: > + deb.debian.org:443 + deb.debian.org:80 + files.pythonhosted.org:443 + pypi.org:443 push: false
diff --git a/Dockerfile b/Dockerfile
index 1ea5fbb..774667b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -26,6 +26,7 @@ HEALTHCHECK NONE ENV PATH="/app/.venv/bin:${PATH}" +# kics-scan ignore-line RUN apt update && apt install -y libmagic-dev RUN adduser --system --no-create-home app
diff --git a/config.yml.sample b/config.yml.sample
index ae16aec..388e7ab 100644
--- a/config.yml.sample
+++ b/config.yml.sample
@@ -1,6 +1,6 @@ opencti: - url: http://opencti:8080 - token: "CHANGE_ME" + url: 'http://opencti:8080' + token: "ChangeMe" connector: id: ChangeMe
@@ -8,7 +8,7 @@ connector: name: DEP Connector scope: incident,identity,indicator log_level: info - interval: 3600 + interval: 3600 # In seconds # Connector specific configuration # All values can also be provided with environment variables prefixed with 
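Review bot: The new `infra-scan` job in `.github/workflows/python-ci.yml` calls a third-party reusable workflow by a mutable tag (`@infra-scan-v0`) while granting it `pull-requests: write` and `security-events: write`. Whoever can move that tag changes the code that runs with those token scopes, so the ref should be a full commit SHA with the tag kept as a trailing comment, e.g. `uses: notdodo/github-actions/.github/workflows/infra-security-scan.yml@<full-commit-sha> # infra-scan-v0`. The `python-ci-v0` reference in the context lines has the same form but only `contents: read`. Separately, the `concurrency` group `ghas-security-scan-${{ github.ref }}` is declared at workflow level, so it cancels all of Connector CI; prefixing it with `${{ github.workflow }}` would keep it from colliding with any other workflow that reuses the same string.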
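Review bot: The `egress-policy-allowlist` added to the `build-docker-image` job in `.github/workflows/python-ci.yml` includes `deb.debian.org:80`, which permits cleartext HTTP during the image build, and nothing records why. APT verifies signed repository metadata, so this is an allowlist-width and exposure concern more than an integrity one, but it deserves a comment above the key, for example `# apt sources in the base image use http://deb.debian.org; drop :80 once they are switched to https`. The comment has to sit above `egress-policy-allowlist:`, because a `#` line inside the folded `>` scalar would become part of the value. Presumably the called workflow splits the folded value on whitespace; that is not visible here and is worth confirming. The job definition starts above the hunk.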
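Review bot: The added `# kics-scan ignore-line` in `Dockerfile` silences the scanner for the `RUN apt update && apt install -y libmagic-dev` line instead of fixing what it reports, and it carries no justification. The line can usually be made to pass on its own terms: `RUN apt-get update && apt-get install -y --no-install-recommends libmagic-dev && rm -rf /var/lib/apt/lists/*`. That form uses the stable `apt-get` interface, keeps recommended packages out of the image, and drops the package lists from the layer. If a finding is still accepted on purpose (an unpinned package version, for instance), keep the suppression but name the finding and the reason in the comment.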
@@ -28,4 +28,4 @@ dep: extended_results: true enable_site_indicator: true enable_hash_indicator: true - skip_empty_victim: true + skip_empty_victim: true
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 8b62d5b..e2debde 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1,3 +1,4 @@ +# kics-scan ignore services: rsa-key-generator: image: alpine/openssl:3.5.2
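Review bot: `# kics-scan ignore` on the first line of `docker-compose.yml` excludes the whole file from KICS, so every current and future finding in it is hidden, including any on the `rsa-key-generator` service visible in the context lines. A narrower form keeps the scanner useful: `# kics-scan disable=<query-id>` listing only the queries that were reviewed and accepted, with a short reason beside it. `<query-id>` is a placeholder; the real ids come from the scan report for this file. The rest of the compose file is outside the hunk, so which findings prompted the suppression cannot be seen here.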