diff --git a/.circleci/config.yml b/.circleci/config.yml
index 4c8434d4..31af5586 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -1,5 +1,8 @@
 version: 2.1
 
+orbs:
+ prodsec: snyk/prodsec-orb@1.0
+
 defaults: &defaults
 docker:
 - image: node:16
@@ -130,6 +133,12 @@ workflows:
 version: 2
 test_and_release:
 jobs:
+ - prodsec/secrets-scan:
+ name: Scan repository for secrets
+ context:
+ - snyk-bot-slack
+ channel: os-team-managed-alerts
+
 - install:
 name: Install
 filters:
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index b9d01d86..bc4ad40e 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1,8 +1 @@
-# This is a comment.
-# Each line is a file pattern followed by one or more owners.
-
-# These owners will be the default owners for everything in
-# the repo. Unless a later match takes precedence,
-# @loki will be requested for
-# review when someone opens a pull request.
-* @snyk/os-managed
+* @snyk/os-managed
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 00000000..c2c41c88
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,6 @@
+repos:
+ - repo: https://github.com/gitleaks/gitleaks
+ rev: v8.16.1
+ hooks:
+ - id: gitleaks
+
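Review bot: The orb reference `snyk/prodsec-orb@1.0` in the new `orbs:` block is a floating minor-version pin, so each pipeline run resolves to whatever 1.0.x patch is newest at that moment. The job that uses this orb is handed the `snyk-bot-slack` context in the second hunk, which means an unreviewed patch release would run with those credentials. Pinning the full version makes the change explicit in a diff, for example `prodsec: snyk/prodsec-orb@1.0.<patch>` (placeholder, take the patch number from the orb registry). The same applies to `rev: v8.16.1` in `.pre-commit-config.yaml`, where a git tag can be moved; `rev: <commit SHA of v8.16.1>  # v8.16.1` (placeholder) is the immutable form, and `pre-commit autoupdate --freeze` writes it for you.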
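Review bot: Nothing visible in this hunk makes the other jobs in `test_and_release` wait for the new `prodsec/secrets-scan` entry, so it appears to run as an independent job alongside `install`. The rest of the workflow is outside the hunk, but if the publishing job does not list it under `requires`, a failed scan would not stop a release. If blocking is intended, add `- Scan repository for secrets` to the `requires:` list of the job that publishes. Because the scan runs after the push, a finding here should be handled by rotating the credential, not only by removing it from the tree.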
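Review bot: The new `.pre-commit-config.yaml` has no comment explaining that the gitleaks hook only runs for contributors who have executed `pre-commit install` in their clone, and that it can be skipped with `git commit --no-verify`. Without that note a reader may take the file as an enforced control when it is an opt-in convenience. A header comment would cover it: `# Local secret scan; run "pre-commit install" once after cloning. CI's secrets-scan job is the enforcing check.` The same instruction belongs in the contributing guide, which this commit does not touch.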