diff --git a/.github/workflows/doc.yaml b/.github/workflows/doc.yaml
index 5357a4b..7ab37c1 100644
--- a/.github/workflows/doc.yaml
+++ b/.github/workflows/doc.yaml
@@ -1,12 +1,12 @@
 name: Doc
 
-on: [push, pull_request, workflow_dispatch]
+on: [push, workflow_dispatch]
 
 permissions:
   contents: write
 
 jobs:
-  docs:
+  doc:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
diff --git a/.github/workflows/sec.yaml b/.github/workflows/sec.yaml
new file mode 100644
index 0000000..9e15b93
--- /dev/null
+++ b/.github/workflows/sec.yaml
@@ -0,0 +1,20 @@
+name: Sec
+
+on:
+  push:
+    branches: '**'
+
+permissions:
+  contents: write
+
+jobs:
+  sec:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install Dependencies
+        run: |
+          make sec-dependencies
+      - name: Security Scan
+        run: |
+          make sec
\ No newline at end of file
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 49dc8ed..b4c44ff 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -5,7 +5,7 @@ on:
     branches: '**'
 
 jobs:
-  build:
+  test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..229f5e4
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,11 @@
+repos:
+  - repo: https://github.com/pypa/pip-audit
+    rev: v2.9.0
+    hooks:
+      - id: pip-audit
+        args: ["-r", "requirements.txt"]
+  - repo: https://github.com/Yelp/detect-secrets
+    rev: v1.5.0
+    hooks:
+      - id: detect-secrets
+        args: ['--baseline', '.secrets.baseline']
\ No newline at end of file
diff --git a/.secrets.baseline b/.secrets.baseline
new file mode 100644
index 0000000..1433dd2
--- /dev/null
+++ b/.secrets.baseline
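Review bot: The new `on: [push, workflow_dispatch]` line keeps an unfiltered push trigger while the workflow holds `permissions: contents: write`, so the `doc` job now runs with a write-capable token on every push to every branch. If the job publishes docs (its remaining steps are outside the hunk), restricting the push trigger to the publishing branch, e.g. `on:` / `  push: {branches: [<publishing-branch>]}` / `  workflow_dispatch:`, keeps the write token off feature branches. Dropping `pull_request` also means the docs build no longer runs as a pre-merge check; if that is deliberate, a one-line comment above `on:` saying why would save the next reader the question.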
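Review bot: `permissions: contents: write` grants the `sec` job more than it uses: its two steps only run `make sec-dependencies` and `make sec`, which per the Makefile hunk install tools and run detect-secrets and pip-audit, none of which writes to the repository, so `contents: read` is sufficient and limits what a compromised scanner dependency could do with the job token. `uses: actions/checkout@v4` is a mutable tag; pinning to the full commit SHA with the version in a comment (`uses: actions/checkout@<full-commit-sha>  # v4`) makes the checkout reproducible. The file also has no trailing newline, which git flags at the end of the hunk.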
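Review bot: The two `args` lists use different quoting styles, `["-r", "requirements.txt"]` on the pip-audit hook and `['--baseline', '.secrets.baseline']` on the detect-secrets hook; pick one (single quotes are the usual choice when no escapes are needed) so the file reads consistently, and add the missing trailing newline. The `rev:` values are tags, which can be moved; pre-commit also accepts a full commit SHA in `rev:` if you want the hook versions immutable, with the tag kept in a trailing comment for readability.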
@@ -0,0 +1,192 @@
+{
+  "version": "1.5.0",
+  "plugins_used": [
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "name": "Base64HighEntropyString",
+      "limit": 4.5
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "name": "DiscordBotTokenDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "name": "GitLabTokenDetector"
+    },
+    {
+      "name": "HexHighEntropyString",
+      "limit": 3.0
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "IPPublicDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "name": "KeywordDetector",
+      "keyword_exclude": ""
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "OpenAIDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "PypiTokenDetector"
+    },
+    {
+      "name": "SendGridDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TelegramBotTokenDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "filters_used": [
+    {
+      "path": "detect_secrets.filters.allowlist.is_line_allowlisted"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_baseline_file",
+      "filename": ".secrets.baseline"
+    },
+    {
+      "path": "detect_secrets.filters.common.is_ignored_due_to_verification_policies",
+      "min_level": 2
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_indirect_reference"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_likely_id_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_lock_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_not_alphanumeric_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_potential_uuid"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_prefixed_with_dollar_sign"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_sequential_string"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_swagger_file"
+    },
+    {
+      "path": "detect_secrets.filters.heuristic.is_templated_secret"
+    }
+  ],
+  "results": {
+    "tests/registryclient_test.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/registryclient_test.py",
+        "hashed_secret": "f953298876f062f1e31ec1a795f2013db8825b00",
+        "is_verified": false,
+        "line_number": 14,
+        "is_secret": false
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/registryclient_test.py",
+        "hashed_secret": "a34febb59b638f5eaa9d232f6eed227357cfeffc",
+        "is_verified": false,
+        "line_number": 20,
+        "is_secret": false
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/registryclient_test.py",
+        "hashed_secret": "93a57d5e27f7c0ed8c950d83986366da7b10ae98",
+        "is_verified": false,
+        "line_number": 26,
+        "is_secret": false
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/registryclient_test.py",
+        "hashed_secret": "f4e9087e6434ec8abaed659126e293ef4d8b24c8",
+        "is_verified": false,
+        "line_number": 32,
+        "is_secret": false
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/registryclient_test.py",
+        "hashed_secret": "ac3b246a80af47c4758b21b0a7c58c3421d9777e",
+        "is_verified": false,
+        "line_number": 38,
+        "is_secret": false
+      },
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/registryclient_test.py",
+        "hashed_secret": "7f12808de3d4b2d893ce1dc145a05568f4e6b95a",
+        "is_verified": false,
+        "line_number": 44,
+        "is_secret": false
+      }
+    ],
+    "tests/registryclientmock.py": [
+      {
+        "type": "Secret Keyword",
+        "filename": "tests/registryclientmock.py",
+        "hashed_secret": "206c80413b9a96c1312cc346b7d2517b84463edd",
+        "is_verified": false,
+        "line_number": 82,
+        "is_secret": false
+      }
+    ]
+  },
+  "generated_at": "2025-04-27T15:11:17Z"
+}
diff --git a/Makefile b/Makefile
index d40a634..7aa4fbe 100644
--- a/Makefile
+++ b/Makefile
@@ -34,3 +34,16 @@ doc-dependencies:
 doc:
 	$(PYTHON) -m sphinx.ext.apidoc -o ./doc/source/image . "tests/*"
 	$(PYTHON) -m sphinx ./doc/source ./doc/sphinx
+
+##########
+# Security recipes
+#
+# Install required dependencies for the sec recipe
+sec-dependencies:
+	$(PYTHON) -m pip install -r requirements.sec.txt
+	$(PYTHON) -m pre_commit install
+
+# Security scan locally and in CI
+sec:
+	$(PYTHON) -m detect_secrets.pre_commit_hook --baseline .secrets.baseline -v
+	$(PYTHON) -m pip_audit -r requirements.txt
diff --git a/requirements.sec.txt b/requirements.sec.txt
new file mode 100644
index 0000000..b54c600
--- /dev/null
+++ b/requirements.sec.txt
@@ -0,0 +1,3 @@
+pre-commit
+detect-secrets
+pip-audit
\ No newline at end of file
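Review bot: The `sec` recipe runs `detect_secrets.pre_commit_hook --baseline .secrets.baseline -v` with no file arguments; that entry point is designed to receive the staged filenames from pre-commit as positional arguments, and as far as I can tell it scans nothing and exits 0 when none are given, so the CI "Security Scan" step may be a no-op — please confirm its output locally before relying on it. If the intent is a whole-repository scan through the hook versions already pinned in `.pre-commit-config.yaml`, `$(PYTHON) -m pre_commit run --all-files` does that in one line and also covers the `pip_audit` invocation, so the two tool invocations below `sec:` would collapse into it. Keeping both paths means `.pre-commit-config.yaml` and `requirements.sec.txt` can drift apart on tool versions.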
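Review bot: All three tools are listed without version constraints, so `make sec-dependencies` installs whatever is newest on each run and the CI scan can change behaviour, or fail, without any change to the repository. Pinning them to the versions the hook config already uses (`detect-secrets==1.5.0`, `pip-audit==2.9.0`, plus a chosen `pre-commit==<version>`) keeps local and CI runs reproducible and in step with `.pre-commit-config.yaml`. The file also lacks a trailing newline.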