diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 7558d07..fb87d16 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -24,7 +24,7 @@ jobs:
   restrictNSMDeps:
     uses: networkservicemesh/.github/.github/workflows/restrict-nsm-deps.yaml@main
     with:
-      allowed_repositories: "api, sdk, sdk-k8s, sdk-kernel, sdk-sriov, sdk-vpp"
+      allowed_repositories: "api, sdk, sdk-k8s, sdk-kernel, sdk-sriov, sdk-vpp, govpp, vpphelper"
 
   checkgomod:
     uses: networkservicemesh/.github/.github/workflows/checkgomod.yaml@main
@@ -32,8 +32,8 @@ jobs:
   gogenerate:
     uses: networkservicemesh/.github/.github/workflows/cmd-gogenerate.yaml@main
 
-  # excludereplace:
-  #   uses: networkservicemesh/.github/.github/workflows/exclude-replace.yaml@main
+  excludereplace:
+    uses: networkservicemesh/.github/.github/workflows/exclude-replace.yaml@main
 
   docker-build-and-test:
     if: github.repository != 'networkservicemesh/cmd-template'
diff --git a/.github/workflows/docker-push-ghcr.yml b/.github/workflows/docker-push-ghcr.yml
index f585d2a..a0a3d7c 100644
--- a/.github/workflows/docker-push-ghcr.yml
+++ b/.github/workflows/docker-push-ghcr.yml
@@ -4,11 +4,6 @@ name: Docker push ghcr
 on:
   push:
     branches: [main]
-  workflow_run:
-    types:
-      - completed
-    workflows:
-      - 'automerge'
 jobs:
   push:
     if: ${{ github.repository != 'networkservicemesh/cmd-template' && (github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' || github.event_name == 'push') }}
diff --git a/.github/workflows/docker-push.yaml b/.github/workflows/docker-push.yaml
index 0ebd305..d498b0b 100644
--- a/.github/workflows/docker-push.yaml
+++ b/.github/workflows/docker-push.yaml
@@ -4,11 +4,6 @@ on:
   push:
     branches:
       - main
-  workflow_run:
-    types:
-      - completed
-    workflows:
-      - 'automerge'
 jobs:
   push:
     if: ${{ github.repository != 'networkservicemesh/cmd-template' && (github.event.workflow_run.conclusion == 'success' && github.actor == 'nsmbot' || github.event_name == 'push') }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c13055e..72f9cd6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -18,7 +18,7 @@ jobs:
       - name: Get tag
         run: |
           branch=${{github.event.workflow_run.head_branch}}
-          echo '::set-output name=tag::'${branch#release/}
+          echo tag=${branch#release/} >> $GITHUB_OUTPUT
         id: get-tag-step
 
   check-gomod-deps:
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..52ed6d7
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,9 @@
+# Security Policy
+
+## Reporting a security issue
+
+If you believe you have found a security issue in Network Service Mesh, please send a description of the issue to security@networkservicemesh.io. We will send a confirmation to acknowledge your report, and an additional email with the result of our assessment (normally within 1-2 working days).
+
+## Supported versions
+
+Note that Network Service Mesh is developed and maintained on one track, thus we encourage our users to follow our latest releases. For this reason we only investigate whether the reported issue is affecting the latest release of Network Service Mesh and provide a fix in a patch release on top of the latest release.
\ No newline at end of file