diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
index 8b4cf8b..73d8feb 100644
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -1,11 +1,13 @@
-# Summary
+# Changes
 
-{FIXME}
+## Issues
+
+- #{FIXME}
 
-# Details
+## Summary
 
 {FIXME}
 
-# Changes in action
+## Changes in action
 
 {FIXME}
diff --git a/LICENSE.md b/.github/actions/scan-image/LICENSE
similarity index 98%
rename from LICENSE.md
rename to .github/actions/scan-image/LICENSE
index f5f68e3..e885c59 100644
--- a/LICENSE.md
+++ b/.github/actions/scan-image/LICENSE
@@ -1,4 +1,4 @@
-# The UnLicense
+The UnLicense
 
 This is free and unencumbered software released into the public domain.
 
diff --git a/.github/workflows/LICENSE b/.github/workflows/LICENSE
new file mode 100644
index 0000000..e885c59
--- /dev/null
+++ b/.github/workflows/LICENSE
@@ -0,0 +1,26 @@
+The UnLicense
+
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <https://unlicense.org>
diff --git a/.github/workflows/always.yml b/.github/workflows/always.yml
index ee15bdf..64669d5 100644
--- a/.github/workflows/always.yml
+++ b/.github/workflows/always.yml
@@ -1,10 +1,40 @@
 name: "[C]ontinuous [I]ntegration"
+
 on:
   push:
   workflow_dispatch: # Allows you to run this workflow manually from the Actions tab
 
+permissions:
+  contents: read
+
 jobs:
   lint:
-    uses: percebus/github-actions-npm/.github/workflows/npm_run_script.yml@main
+    uses: percebus/github-actions-npm/.github/workflows/run_script.yml@main
     with:
       script: lint
+
+  codeQL:
+    needs: lint
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language:
+          - actions
+
+    name: "CodeQL: ${{ matrix.language }}"
+    steps:
+      - uses: percebus/github-actions-common/.github/actions/checkout@main
+
+      - name: setup CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: CodeQL
+        uses: github/codeql-action/analyze@v3
diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml
new file mode 100644
index 0000000..b6e2b8e
--- /dev/null
+++ b/.github/workflows/pull_request.yml
@@ -0,0 +1,17 @@
+name: Pull Request
+
+# "This run was triggered by the "push" event, which is unsupported.
+#  Please ensure you are using the "pull_request" event for this workflow."
+on:
+  pull_request:
+
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
+jobs:
+  audit:
+    uses: percebus/github-actions-npm/.github/workflows/dependency-review.yml@main
+    permissions:
+      contents: read
+      pull-requests: read
diff --git a/.github/workflows/test_actions__scan-image.yml b/.github/workflows/test_actions__scan-image.yml
index 9cc9764..82ed58c 100644
--- a/.github/workflows/test_actions__scan-image.yml
+++ b/.github/workflows/test_actions__scan-image.yml
@@ -1,8 +1,13 @@
 name: Test actions/scan-image
+
 on:
   push:
   workflow_dispatch: # Allows you to run this workflow manually from the Actions tab
 
+concurrency:
+  group: ${{ github.ref }}-${{ github.workflow }}
+  cancel-in-progress: true
+
 # NOTE: Fixes "Error: Resource not accessible by integration"
 permissions:
   contents: read
diff --git a/LICENSE b/LICENSE
new file mode 100644
index 0000000..e885c59
--- /dev/null
+++ b/LICENSE
@@ -0,0 +1,26 @@
+The UnLicense
+
+This is free and unencumbered software released into the public domain.
+
+Anyone is free to copy, modify, publish, use, compile, sell, or
+distribute this software, either in source code form or as a compiled
+binary, for any purpose, commercial or non-commercial, and by any
+means.
+
+In jurisdictions that recognize copyright laws, the author or authors
+of this software dedicate any and all copyright interest in the
+software to the public domain. We make this dedication for the benefit
+of the public at large and to the detriment of our heirs and
+successors. We intend this dedication to be an overt act of
+relinquishment in perpetuity of all present and future rights to this
+software under copyright law.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+OTHER DEALINGS IN THE SOFTWARE.
+
+For more information, please refer to <https://unlicense.org>
diff --git a/README.md b/README.md
index 098633e..a99320c 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@
 # github-actions-containerization
 
-[LICENSE](./LICENSE.md)
+[![[C]ontinuous [I]ntegration](https://github.com/percebus/github-actions-containerization/actions/workflows/always.yml/badge.svg)](https://github.com/percebus/github-actions-containerization/actions/workflows/always.yml) [![Pull Request](https://github.com/percebus/github-actions-containerization/actions/workflows/pull_request.yml/badge.svg?event=pull_request)](https://github.com/percebus/github-actions-containerization/actions/workflows/pull_request.yml)
 
-[![[C]ontinuous [I]ntegration](https://github.com/percebus/github-actions-containerization/actions/workflows/always.yml/badge.svg)](https://github.com/percebus/github-actions-containerization/actions/workflows/always.yml)
+[`LICENSE`](./LICENSE)
 
 github reusable actions &amp; workflows for containerization
 
diff --git a/package.json b/package.json
index cf23b5c..0f095b8 100644
--- a/package.json
+++ b/package.json
@@ -4,9 +4,9 @@
   "description": "github reusable actions and workflows for container images",
   "main": "index.js",
   "scripts": {
-    "prettier": "prettier .",
-    "prettier:write": "npm run prettier -- --write",
-    "prettier:check": "npm run prettier -- --check",
+    "_prettier": "prettier .",
+    "prettier:write": "npm run _prettier -- --write",
+    "prettier:check": "npm run _prettier -- --check",
     "lint": "npm run prettier:check",
     "style": "npm run prettier:write",
     "poststyle": "npm run lint",
@@ -27,7 +27,7 @@
     "image"
   ],
   "author": "JCystems",
-  "license": "SEE LICENSE IN LICENSE.md",
+  "license": "SEE LICENSE IN LICENSE",
   "bugs": {
     "url": "https://github.com/percebus/github-actions-containerization/issues"
   },