diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index d1f94de..09e0b0f 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,13 +1,9 @@
version: 2
updates:
- package-ecosystem: terraform
- directory: "/"
- schedule:
- interval: "daily"
- open-pull-requests-limit: 10
-
- - package-ecosystem: terraform
- directory: "/examples"
+ directories:
+ - "/"
+ - "**/*"
schedule:
interval: "daily"
open-pull-requests-limit: 10
diff --git a/.github/release-please.yml b/.github/release-please.yml
new file mode 100644
index 0000000..19c4910
--- /dev/null
+++ b/.github/release-please.yml
@@ -0,0 +1,2 @@
+handleGHRelease: true
+manifest: true
diff --git a/.github/semantic.yml b/.github/semantic.yml
new file mode 100644
index 0000000..0eab896
--- /dev/null
+++ b/.github/semantic.yml
@@ -0,0 +1,4 @@
+# Always validate the PR title AND all the commits
+titleAndCommits: true
+# Disallows use of Merge commits
+allowMergeCommits: false
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index fea4bea..20fc2aa 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -2,6 +2,8 @@ name: Build
on: [ push, workflow_dispatch ]
+permissions: read-all
+
jobs:
examples:
runs-on: ubuntu-latest
@@ -12,7 +14,7 @@ jobs:
tf-version: [ 1.1.9, 1.2.9, 1.3.2 ]
steps:
- name: Start LocalStack
- uses: LocalStack/setup-localstack@v0.2.3
+ uses: LocalStack/setup-localstack@a9b3e54ee0052a2f40a4eb4ca8b39dfd3bc2bc65 #v0.2.3
with:
image-tag: 'latest'
@@ -23,7 +25,7 @@ jobs:
sudo mv terraform /usr/local/bin
rm *
- name: Checkout code
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Validate examples terraform v${{ matrix.tf-version }}
run: make examples
build:
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
index 447cd8f..9cd9dd7 100644
--- a/.github/workflows/commitlint.yaml
+++ b/.github/workflows/commitlint.yaml
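Review bot: Nothing in the rebuilt `updates:` list covers `package-ecosystem: github-actions`, so the commit-SHA pins this same commit adds to every workflow (`actions/checkout@11bd7190…`, `github/codeql-action/upload-sarif@d68b2d4e…`, …) will never be bumped by Dependabot and will quietly age. A SHA pin only keeps its value if something rewrites it, so add a second entry for the workflows directory next to the terraform one. Note also that `"**/*"` already matches the repository root, which makes the separate `"/"` entry look redundant — confirm against the Dependabot `directories` glob semantics before dropping it.
```yaml
# … unchanged: terraform entry …
- package-ecosystem: github-actions
  directory: "/"
  schedule:
    interval: "daily"
  open-pull-requests-limit: 10
```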
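Review bot: The `Start LocalStack` step now pins `LocalStack/setup-localstack` to a commit, but the `image-tag: 'latest'` it is given two lines below still pulls a mutable Docker tag, so the service the Terraform examples are validated against can change under the pin without any diff in this repository. Replace `'latest'` with an explicit LocalStack release tag (`image-tag: '<x.y.z>'`) so a failing run is reproducible and the bump is a reviewed change. The `#v0.2.3` trailer also lacks the space every other pin uses (`# v4.2.2`); write it as `# v0.2.3`, which is the form an SHA-pin updater rewrites — worth checking how the version comment is parsed.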
@@ -1,14 +1,19 @@
name: Lint Commit Messages
-on: [pull_request]
+on:
+ pull_request:
+ push:
+ branches: [main]
+
+permissions: read-all
jobs:
commitlint:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- - uses: wagoid/commitlint-github-action@v6
+ - uses: wagoid/commitlint-github-action@b948419dd99f3fd78a6548d48f94e3df7f6bf3ed # v6.2.1
with:
configFile: "./.github/commitlint.config.mjs"
diff --git a/.github/workflows/pre-commit.yaml b/.github/workflows/pre-commit.yaml
new file mode 100644
index 0000000..5f2578b
--- /dev/null
+++ b/.github/workflows/pre-commit.yaml
@@ -0,0 +1,18 @@
+name: pre-commit
+
+on:
+ pull_request:
+ push:
+ branches: [main]
+
+permissions: read-all
+
+jobs:
+ pre-commit:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
+ - uses: terraform-linters/setup-tflint@8093687ecc9dcbfa88d07c103ad4176739a7287e # v4.1.0
+ - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+ - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
diff --git a/.github/workflows/terrascan.yaml b/.github/workflows/terrascan.yaml
index 203f708..aaffb94 100644
--- a/.github/workflows/terrascan.yaml
+++ b/.github/workflows/terrascan.yaml
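Review bot: `hashicorp/setup-terraform` and `terraform-linters/setup-tflint` are called without a `with:` block, so both install whatever "latest" resolves to at run time; the action SHAs are pinned but the binaries they fetch are not, and the Terraform version the hooks lint with can drift away from the `1.1.9`–`1.3.2` matrix that build.yml tests. Pin the tool versions explicitly — `with:` / `terraform_version: "1.3.2"` under setup-terraform, and `tflint_version:` set to a tagged tflint release under setup-tflint — so a tooling release cannot break or silently change the check. The same applies to `actions/setup-python`, which without `python-version` uses whatever interpreter the runner image ships.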
@@ -1,16 +1,24 @@
-name: Terrascan
-on: [ pull_request ]
# https://github.com/marketplace/actions/terrascan-iac-scanner
+name: Terrascan
+
+on:
+ pull_request:
+ push:
+ branches: [main]
+
+
+permissions: read-all
+
jobs:
terrascan:
runs-on: ubuntu-latest
name: terrascan
steps:
- name: Checkout repository
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run Terrascan
id: terrascan
- uses: tenable/terrascan-action@main
+ uses: tenable/terrascan-action@a4b0f7ec5fb3c4c66b8e76d824d958002f6ce12c # main
with:
iac_type: 'terraform'
iac_version: 'v14'
@@ -25,6 +33,6 @@ jobs:
#webhook_url:
#webhook_token:
- name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@d68b2d4edb4189fd2a5366ac14e72027bd4b37dd # v3.28.2
with:
sarif_file: terrascan.sarif
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..7d83dba
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,27 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.5.0
+ hooks:
+ - id: trailing-whitespace
+ - id: end-of-file-fixer
+ - id: check-yaml
+ args:
+ - --allow-multiple-documents
+ - id: check-added-large-files
+ - repo: https://github.com/alessandrojcm/commitlint-pre-commit-hook
+ rev: v9.11.0
+ hooks:
+ - id: commitlint
+ stages: [ commit-msg ]
+ additional_dependencies: [ '@commitlint/config-conventional' ]
+ - repo: https://github.com/antonbabenko/pre-commit-terraform
+ rev: v1.86.0
+ hooks:
+ - id: terraform_tflint
+ - id: terraform_fmt
+ - id: terraform_checkov
+ language: docker_image
+ entry: --tty bridgecrew/checkov:3.2.354 --config-file checkov.yaml
+ pass_filenames: false
diff --git a/.release-please-manifest.json b/.release-please-manifest.json
new file mode 100644
index 0000000..949ce4c
--- /dev/null
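Review bot: `tenable/terrascan-action@a4b0f7ec… # main` pins to an arbitrary commit of the upstream default branch rather than to a tagged release, so there is no release to review when the pin is bumped and the `# main` trailer gives an updater nothing to compare against. Prefer the SHA of a tagged release and name it in the trailer (`# vX.Y.Z`, as `actions/checkout@… # v4.2.2` does a few lines above); if upstream publishes no releases, say so in a comment on the line so the next maintainer does not "fix" it.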
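Review bot: The `Upload SARIF file` step will be rejected under the workflow-level `permissions: read-all` the first hunk introduces, because `github/codeql-action/upload-sarif` needs `security-events: write` to post results to code scanning. Grant it on the job only and keep everything else read-only: under `terrascan:` add `permissions:` with `contents: read` and `security-events: write`. Even then, `pull_request` runs from forks receive a read-only token, so the upload can still fail there — consider guarding the step on `github.event.pull_request.head.repo.fork` or marking it `continue-on-error`. The job definition begins in the previous hunk, outside this one.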
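Review bot: The `terraform_checkov` hook runs `bridgecrew/checkov:3.2.354` by tag, and tags are mutable, so unlike the SHA-pinned GitHub Actions in this commit the scanner image can be replaced upstream without any change here. Pin by digest, `entry: --tty bridgecrew/checkov:3.2.354@sha256:<digest> --config-file checkov.yaml`, and bump it deliberately. The hook also overrides the upstream `terraform_checkov` hook's `language` and `entry`; `--config-file checkov.yaml` is resolved relative to the container's working directory, so confirm pre-commit mounts the repository there rather than assuming it.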
+++ b/.release-please-manifest.json
@@ -0,0 +1,3 @@
+{
+ ".": "0.2.2"
+}
diff --git a/Makefile b/Makefile
index 1faccaf..d1f9042 100644
--- a/Makefile
+++ b/Makefile
@@ -12,4 +12,3 @@ example/%:
@terraform -chdir=$* init
@terraform -chdir=$* validate
@terraform -chdir=$* plan
-
diff --git a/checkov.yaml b/checkov.yaml
new file mode 100644
index 0000000..f6052a9
--- /dev/null
+++ b/checkov.yaml
@@ -0,0 +1,17 @@
+block-list-secret-scan: [ ]
+branch: master
+custom-tool-name: Checkov
+compact: true
+directory:
+ - .
+download-external-modules: true
+evaluate-variables: true
+external-modules-download-path: .external_modules
+framework:
+ - - terraform,terraform_plan,yaml,json,github_configuration,github_actions
+hard-fail-on: MEDIUM
+mask: [ ]
+quiet: true
+secrets-history-timeout: 12h
+secrets-scan-file-type: [ ]
+summary-position: top
diff --git a/examples/basic/provider.tf b/examples/basic/provider.tf
index 69d1a96..5651794 100644
--- a/examples/basic/provider.tf
+++ b/examples/basic/provider.tf
@@ -33,3 +33,13 @@ provider "aws" {
sts = "http://localhost:4566"
}
}
+
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ }
+ required_version = ">= 1.1.9"
+}
diff --git a/examples/override/provider.tf b/examples/override/provider.tf
index 69d1a96..5651794 100644
--- a/examples/override/provider.tf
+++ b/examples/override/provider.tf
@@ -33,3 +33,13 @@ provider "aws" {
sts = "http://localhost:4566"
}
}
+
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ }
+ required_version = ">= 1.1.9"
+}
diff --git a/examples/public/provider.tf b/examples/public/provider.tf
index 69d1a96..5651794 100644
--- a/examples/public/provider.tf
+++ b/examples/public/provider.tf
@@ -33,3 +33,13 @@ provider "aws" {
sts = "http://localhost:4566"
}
}
+
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.0"
+ }
+ }
+ required_version = ">= 1.1.9"
+}
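Review bot: `branch: master` disagrees with the `main` branch every new workflow in this commit triggers on, so any branch-scoped output Checkov produces will cite a branch that may not exist; change it to `branch: main`. The `framework:` value is also a list holding a list holding one comma-joined string (`- - terraform,terraform_plan,…`), whereas the `framework` option takes a list of framework names — confirm this is really parsed as six frameworks and not as a single unrecognised one; the flat form below is unambiguous either way. Note too that `download-external-modules: true` makes the pre-commit hook fetch remote modules over the network at scan time, a deliberate choice that deserves a one-line comment.
```yaml
branch: main
# … unchanged: custom-tool-name … external-modules-download-path …
framework:
  - terraform
  - terraform_plan
  - yaml
  - json
  - github_configuration
  - github_actions
# … unchanged: hard-fail-on … summary-position …
```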
diff --git a/providers.tf b/providers.tf
new file mode 100644
index 0000000..eca83cc
--- /dev/null
+++ b/providers.tf
@@ -0,0 +1,14 @@
+terraform {
+ required_providers {
+ null = {
+ source = "hashicorp/null"
+ version = "3.2.3"
+ }
+
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 5.1"
+ }
+ }
+ required_version = ">= 1.1.9"
+}
diff --git a/release-please-config.json b/release-please-config.json
new file mode 100644
index 0000000..9f0ec9d
--- /dev/null
+++ b/release-please-config.json
@@ -0,0 +1,30 @@
+{
+ "packages": {
+ ".": {
+ "changelog-path": "CHANGELOG.md",
+ "release-type": "terraform-module",
+ "bump-minor-pre-major": false,
+ "bump-patch-for-minor-pre-major": false,
+ "draft": false,
+ "prerelease": false,
+ "changelog-sections": [
+ { "type": "feat", "section": "Features" },
+ { "type": "feature", "section": "Features" },
+ { "type": "fix", "section": "Bug Fixes" },
+ { "type": "perf", "section": "Performance Improvements" },
+ { "type": "revert", "section": "Reverts" },
+ { "type": "docs", "section": "Documentation" },
+ { "type": "style", "section": "Styles" },
+ { "type": "chore", "section": "Miscellaneous Chores" },
+ { "type": "refactor", "section": "Code Refactoring" },
+ { "type": "test", "section": "Tests" },
+ { "type": "build", "section": "Build System" },
+ { "type": "ci", "section": "Continuous Integration" }
+ ],
+ "extra-files": [
+ "locals.tf"
+ ]
+ }
+ },
+ "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json"
+}
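Review bot: `null` is pinned to the exact release `"3.2.3"` inside a reusable module's `required_providers`, which forces every consumer onto that single patch release and yields an unsatisfiable constraint the moment another module or the root configuration requires a different 3.2.x. A module should constrain, not pin; exact versions belong in the root's `.terraform.lock.hcl`, which is what actually protects consumers. Use a pessimistic constraint like the `aws` entry beneath it: `version = "~> 3.2"`.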
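Review bot: `extra-files` lists `locals.tf`, but release-please's generic updater only rewrites a version on lines carrying an `x-release-please-version` marker, and that file is not in this diff — confirm it has the annotation, otherwise each release will bump `.release-please-manifest.json` and the changelog while `locals.tf` stays at `0.2.2`. A short comment beside the annotated value in locals.tf, `# version is managed by release-please; do not edit by hand`, would make the coupling visible to the next maintainer.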