diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 6eb9b72..b0c1df2 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -15,6 +15,8 @@ on:
   release:
     types: [published, edited]
   workflow_dispatch:
+
+permissions: read-all
 
 env:
   REGISTRY: ghcr.io
@@ -73,14 +75,3 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
-
-      - name: Run Trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: ${{ env.DOCKER_IMAGE }}
-          format: 'sarif'
-          output: 'trivy-results.sarif'
-      - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
-        with:
-          sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 8410932..87882f7 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -6,6 +6,8 @@ on:
   pull_request:
     branches: [main]
 
+permissions: read-all
+
 jobs:
   run-lint:
     name: Lint
@@ -18,7 +20,7 @@ jobs:
           fetch-depth: 0
 
       - name: Lint Code Base
-        uses: github/super-linter@v5
+        uses: github/super-linter@v6
         env:
           VALIDATE_ALL_CODEBASE: false
           DEFAULT_BRANCH: main
diff --git a/.github/workflows/stack-healthcheck.yml b/.github/workflows/stack-healthcheck.yml
index c26d1df..577c5e1 100644
--- a/.github/workflows/stack-healthcheck.yml
+++ b/.github/workflows/stack-healthcheck.yml
@@ -5,6 +5,8 @@ on:
   pull_request:
   workflow_dispatch:
 
+permissions: read-all
+
 jobs:
   test:
     name: Test Stack
@@ -18,4 +20,4 @@ jobs:
       - name: Check database creation
         run: docker compose logs | grep "Success. You can now start the database server"
       - name: Check postgres init
-        run: docker compose logs | grep "PostgreSQL init process complete; ready for start up."
\ No newline at end of file
+        run: docker compose logs | grep "PostgreSQL init process complete; ready for start up."
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index ff67a26..58a5b62 100644
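Review bot: The workflow-level `permissions: read-all` strips `packages: write` from GITHUB_TOKEN, yet the job in the second hunk still does `push: true` against the `REGISTRY: ghcr.io` registry; unless that job declares its own `permissions:` block outside these hunks, the push will be refused as soon as the registry login relies on the workflow token. Keep the workflow default read-only and grant the scope where it is consumed, with a job-level `permissions:` of `contents: read` and `packages: write`. The second hunk also drops the Trivy scan and its SARIF upload entirely; if the motivation was that `read-all` no longer allows `security-events: write`, a job-level grant of that single scope would keep image scanning in place, and replacing `aquasecurity/trivy-action@master` with a release tag or full commit SHA would resolve the floating-reference concern without losing the scan.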
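Review bot: `permissions: read-all` suits a lint-only job, but super-linter reports per-linter commit statuses through the GitHub API when `MULTI_STATUS` is left at its default, and that needs `statuses: write`; under `read-all` those status checks silently stop appearing, so if branch protection relies on them, grant the scope at job level with `permissions:` containing `contents: read` and `statuses: write`. The second hunk bumps `github/super-linter@v5` to `@v6`, a major-version change pinned to a mutable tag; pinning to a full commit SHA with the version in a trailing comment would give the lint job the same supply-chain footing the token tightening is aiming for, and the v5-to-v6 changelog should be checked for renamed environment variables before merging.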
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -4,6 +4,10 @@ on:
     - cron: '0 */1 * * *'
   workflow_dispatch:
 
+permissions:
+  issues: write
+  pull-requests: write
+
 jobs:
   stale:
     runs-on: ubuntu-latest
diff --git a/pgadmin-config-creator/Dockerfile b/pgadmin-config-creator/Dockerfile
index c237e97..bb19e98 100644
--- a/pgadmin-config-creator/Dockerfile
+++ b/pgadmin-config-creator/Dockerfile
@@ -1,7 +1,13 @@
 FROM python:3.12-alpine
+
+RUN useradd -m pgadmin-config-creator
+USER pgadmin-config-creator
+
 RUN mkdir /app
 RUN mkdir /config
+
 COPY . /app
 WORKDIR /app
+
 CMD ["python", "app.py"]
-HEALTHCHECK CMD test -f /config/servers.json || exit 1
\ No newline at end of file
+HEALTHCHECK CMD test -f /config/servers.json || exit 1
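Review bot: `RUN useradd -m pgadmin-config-creator` will not build on `python:3.12-alpine`: the BusyBox userland provides `adduser`, not `useradd` (which comes from the separate `shadow` package), so the step fails with "not found". Even with a working user, `USER pgadmin-config-creator` is placed before `RUN mkdir /app` and `RUN mkdir /config`, and an unprivileged user cannot create directories directly under `/`; and since `COPY . /app` runs after `USER` without `--chown`, the sources land root-owned while `/config/servers.json`, which the HEALTHCHECK expects and presumably app.py writes, would have to be created in a root-owned directory. Do the privileged setup first (create the user with `adduser -D`, make both directories and hand them to the user, `COPY --chown` the sources) and switch `USER` immediately before `CMD`, which keeps the non-root hardening the commit intends while letting the image build and run.
```dockerfile
FROM python:3.12-alpine

# BusyBox has no useradd; -D creates the account without a password
RUN adduser -D pgadmin-config-creator \
    && mkdir -p /app /config \
    && chown pgadmin-config-creator:pgadmin-config-creator /app /config

COPY --chown=pgadmin-config-creator:pgadmin-config-creator . /app
WORKDIR /app

# drop privileges only after the root-owned setup above is complete
USER pgadmin-config-creator

# … unchanged: CMD and HEALTHCHECK …
```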