diff --git a/.github/workflows/ubuntu-latest.yml b/.github/workflows/ubuntu-latest.yml
index 5792ec0..67a2488 100644
--- a/.github/workflows/ubuntu-latest.yml
+++ b/.github/workflows/ubuntu-latest.yml
@@ -6,8 +6,18 @@ on:
   pull_request:
     branches: [ master ]
 
+# Restrict default permissions for security
+permissions:
+  contents: read
+
+# Prevent duplicate workflow runs
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
 jobs:
   ubuntu:
+    name: Ruby Tests
     runs-on: ubuntu-latest
 
     strategy:
@@ -15,7 +25,9 @@ jobs:
         ruby: [ '2.6', '2.7' ]
 
     steps:
-    - uses: actions/checkout@v3
+    - uses: actions/checkout@v4
+      with:
+        persist-credentials: false
     - name: Set up Ruby
       uses: ruby/setup-ruby@90be1154f987f4dc0fe0dd0feedac9e473aa4ba8 # v1
       with: