diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..3d42df6
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,21 @@
+version: 2
+updates:
+ - package-ecosystem: "maven"
+ directory: "/" # Location of your pom.xml file
+ schedule:
+ interval: "weekly" # Check for updates weekly
+ open-pull-requests-limit: 5
+ commit-message:
+ prefix: "deps"
+ include: "scope"
+ target-branch: "main"
+ rebase-strategy: "auto"
+ assignees:
+ - "Prakash-Poatan"
+ reviewers:
+ - "Prakash-Poatan"
+ labels:
+ - "dependencies"
+ - "automated"
+ ignore:
+ - dependency-name: "guava"
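Review bot: The `ignore` entry on the last two lines suppresses every guava update with no `versions` or `update-types` qualifier, and Dependabot ignore conditions also apply to security updates, so a guava version with a known CVE would never get a PR from this config. Narrow it to what is actually unwanted, e.g. `- dependency-name: "guava"` followed by `update-types: ["version-update:semver-major"]`, or drop the entry and document why guava is pinned. There is also no `package-ecosystem: "github-actions"` (or `"docker"`) entry, even though the workflows added in this same commit reference actions by floating branch (`@main`, `@master`) and the Dockerfile uses a fixed base image; a second `updates` entry for `github-actions` with the same `schedule` would keep those pinned and current. `target-branch: "main"` is worth a check against the repository's default branch, since security-update PRs are only raised against the default branch and, as I read the docs, a non-default `target-branch` makes this entry stop applying to them.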
diff --git a/.github/workflows/depecheck_test.yml b/.github/workflows/depecheck_test.yml
new file mode 100644
index 0000000..0efbb8d
--- /dev/null
+++ b/.github/workflows/depecheck_test.yml
@@ -0,0 +1,28 @@
+
+on: [push]
+
+jobs:
+ depchecktest:
+ runs-on: ubuntu-latest
+ name: depecheck_test
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v2
+ - name: Build project with Maven
+ run: mvn clean install
+ - name: Depcheck
+ uses: dependency-check/Dependency-Check_Action@main
+ id: Depcheck
+ with:
+ project: 'test'
+ path: '.'
+ format: 'HTML'
+ out: 'reports' # this is the default, no need to specify unless you wish to override it
+ args: >
+ --failOnCVSS 7
+ --enableRetired
+ - name: Upload Test results
+ uses: actions/upload-artifact@master
+ with:
+ name: Depcheck report
+ path: ${{github.workspace}}/reports
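Review bot: The report is not uploaded in the case that matters: `--failOnCVSS 7` fails the `Depcheck` step, which skips the `Upload Test results` step, so the HTML report only survives for clean runs. Add `if: always()` to the upload step, and consider `format: 'SARIF'` sent through `github/codeql-action/upload-sarif` so findings land in code scanning instead of an artifact nobody opens. The job also pulls `dependency-check/Dependency-Check_Action@main` and `actions/upload-artifact@master` by mutable branch, so any push to those branches runs inside this job against the checked-out repository; pin every action to a full commit SHA, and move `actions/checkout` off the end-of-life `@v2` while doing so. Finally there is no `permissions:` block, so `GITHUB_TOKEN` inherits the repository's default scopes; `permissions: contents: read` at the workflow top level should be all the build and artifact upload need.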
diff --git a/.github/workflows/docker-image3.yml b/.github/workflows/docker-image3.yml
new file mode 100644
index 0000000..13f4ccb
--- /dev/null
+++ b/.github/workflows/docker-image3.yml
@@ -0,0 +1,18 @@
+name: Docker Image CI 3
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+
+jobs:
+
+ build:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+ - name: Build the Docker image
+ run: docker build . --file Dockerfile --tag my-image-name:$(date +%s)
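Review bot: The image built on the last line is tagged with an inline `$(date +%s)` that nothing captures, so no later step can scan or push it, and the workflow performs no scanning at all — the `openjdk:13-alpine` base declared in the Dockerfile goes unchecked even though the README claims a trivy stage. Capture the tag into `$GITHUB_ENV` so a follow-up scan step can address the image by name, and add `permissions: contents: read`, since the job needs nothing beyond the checkout. On `pull_request` the Dockerfile fed to `docker build` is controlled by the PR author, including fork PRs; that is tolerable only while this job holds no secrets, so keep registry credentials out of it or restrict the push path to the `push` trigger.
```yaml
permissions:
  contents: read

# … unchanged: on/jobs/runs-on/checkout …
      - name: Build the Docker image
        run: |
          IMAGE_TAG="my-image-name:$(date +%s)"
          docker build . --file Dockerfile --tag "$IMAGE_TAG"
          echo "IMAGE_TAG=$IMAGE_TAG" >> "$GITHUB_ENV"
      # a scan step (e.g. trivy, pinned by SHA) can now reference ${{ env.IMAGE_TAG }}
```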
diff --git a/.gitignore b/.gitignore
index d5dba20..adf4a77 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,6 +15,7 @@
*.iws
*.iml
*.ipr
+*.txt
### NetBeans ###
/nbproject/private/
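Review bot: The added `*.txt` pattern ignores every text file anywhere in the tree, not just whatever this commit presumably wanted to keep out; in a repository whose README advertises license-compliance scanning, that silently untracks files like `NOTICE.txt` or third-party license lists that should be versioned. Prefer naming the actual file or directory (for example a generated `/reports/*.txt`), or add an explicit negation such as `!NOTICE.txt` for anything that must stay tracked.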
@@ -23,3 +24,4 @@
/dist/
/nbdist/
/.nb-gradle/
+/assets/
diff --git a/Dockerfile b/Dockerfile
index d090d70..1968eff 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
FROM openjdk:13-alpine
-
+# do build volumes
VOLUME /tmp
COPY target/*.jar app.jar
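Review bot: The new comment `# do build volumes` does not say what it means, and it sits above `VOLUME /tmp`, which declares a runtime anonymous volume rather than anything that happens at build time; either state the actual reason (for a Spring Boot jar this is usually the embedded Tomcat work directory) or drop the comment rather than leave a misleading one. Separately, `openjdk:13-alpine` is from the deprecated `openjdk` image line on an end-of-life JDK that no longer receives fixes, so any container scan this pipeline adds will flag it on every build; an actively maintained base such as `eclipse-temurin` on a supported LTS is the usual replacement. The rest of the Dockerfile (any `USER`, `ENTRYPOINT`) is outside the hunk, so whether the app runs as root cannot be judged here.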
diff --git a/LICENSE b/LICENSE
index 261eeb9..4568c44 100644
--- a/LICENSE
+++ b/LICENSE
@@ -186,13 +186,10 @@
same "printed page" as the copyright notice for easier
identification within third-party archives.
- Copyright [yyyy] [name of copyright owner]
-
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
- http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
diff --git a/README.md b/README.md
index 3ce8b7f..729ce8d 100644
--- a/README.md
+++ b/README.md
@@ -1,17 +1,4 @@
-# How to build a DevSecOps Pipeline in GitHub
+# DevSecOps Pipeline in GitHub Actions
This repository shows you how to build up an enterprise-ready DevSecOps Pipeline with GitHub.
-It is part of your video series on how to build a DevSecOps Pipeline with GitHub and GitLab.
+It utilises the SCA, SAST, DAST scans with different open source tools such as snyk, dependency check, trivy and Github advanced security configurations such as Dependabot with specific and general rules, CodeQL analysis , Secrets scan, secret protection, push protection and othersfor creating a secure CI and CD workflow during build into main branch on every change.
-Here is the link to the blog-post: https://www.romanoroth.com/post/gitlab-vs-github-devsecops
-
-- GitHub: DevSecOps: Part 1/12: What is GitHub? The fundamental concepts of a DevSecOps pipeline. https://youtu.be/_m5KYEi1ThA
-- GitHub: DevSecOps: Part 2/12: Introduction to GitHub https://youtu.be/6ZdxXDu8ZDA
-- GitHub: DevSecOps: Part 3/12: Learn How to use SCA (Software Composition Analysis) https://youtu.be/xM3elerxjYo
-- GitHub: DevSecOps: Part 4/12: How to ensure License Compliance? https://youtu.be/l7IBh2xkDcQ
-- GitHub: DevSecOps: Part 5/12: Protect your Apps with Static Application Security Testing (SAST) https://youtu.be/p4xS2X5KsNk
-- GitHub: DevSecOps: Part 6/12: How to use Container Scanning https://youtu.be/_ZeKh3GcbgU
-- GitHub: DevSecOps: Part 7/12: How to find secrets in your own code with Secret Scanning https://youtu.be/k-uuPTLNXGM
-- Coming Soon
-
-
-Link to the GitLab repository: https://gitlab.com/romano_roth/gitlabdevsecopspipeline
diff --git a/mvnw b/mvnw
index d420d3c..9631fe6 100644
--- a/mvnw
+++ b/mvnw
@@ -9,7 +9,6 @@
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
-#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
diff --git a/pom.xml b/pom.xml
index 8f31401..f9722e5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -35,7 +35,24 @@
spring-boot-starter-test
test
+
+ org.apache.logging.log4j
+ log4j-core
+ 2.14.1
+
+
+
+ org.apache.logging.log4j
+ log4j-api
+ 2.14.1
+
+
+ org.apache.velocity
+ velocity
+ 1.7
+
+
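Review bot: `log4j-core` 2.14.1 is the Log4Shell-vulnerable line (CVE-2021-44228, CVSS 10) and `velocity` 1.7 carries CVE-2020-13936, so with the Dependency-Check workflow added in this same commit running `--failOnCVSS 7`, every push will fail on these two artifacts. If they are deliberately vulnerable fixtures for the SCA demo, say so next to the coordinates, e.g. `<!-- intentionally vulnerable: exercises Dependency-Check and Dependabot alerts -->`, so nobody "fixes" them or copies them into a real project; note also that the Dependabot `ignore` list in this commit covers only guava, so Dependabot will keep opening bump PRs against these pins. If they are real dependencies, move log4j to 2.17.1 or later and velocity to `velocity-engine-core` 2.3, which is where those CVEs are fixed. The `<dependency>`/`<groupId>` wrapper tags appear to have been stripped in this rendering, so I am reading the hunk by artifact id and version only.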
diff --git a/src/main/java/com/example/demo/controller/Controller.java b/src/main/java/com/example/demo/controller/Controller.java
index 95bb452..33bcfc5 100644
--- a/src/main/java/com/example/demo/controller/Controller.java
+++ b/src/main/java/com/example/demo/controller/Controller.java
@@ -19,7 +19,7 @@ public class Controller {
// these are for secret detection
private final static String username="User1";
private final static String password="password";
- private final static String pwd="password2";
+ private final static String pwd="password@2";
private final static String pwdtest="pwd_Test22";
//use pwd pwd_BlaTest24
@@ -32,7 +32,7 @@ public class Controller {
//use pwd pwd_BlaTest25
private final String idForCloud = "AKIAIOSFODNN7EXAMPLE";
- private final String valueForCloud = "wJalrXUtnFEMI/K7MDENG/bPxRfiCY78ZWn/7";
+ private final String valueForCloud = "wJalrXUtnFEMI/K7MDENG/bPxRfiCY78ZWn/72";
private final static String pwdPropertyName="prop.password";
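Review bot: The tweaked `valueForCloud` on the changed line is 38 characters, while an AWS secret access key is 40, and `AKIAIOSFODNN7EXAMPLE` on the line above is AWS's published documentation example that secret-scanning patterns commonly allowlist, so this fixture is unlikely to exercise the secret scanning or push protection the README describes. If the goal is to verify detection, use a purpose-made test credential (a canary or test token issued for that purpose, or a value of the exact shape the scanner matches) rather than a hand-edited docs example, and record in the comment which detection it is expected to trigger, e.g. `// fixture: expected to be flagged by AWS access-key secret scanning`. The enclosing class `Controller` starts before the hunk and continues after it.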