diff --git a/.github/secret_scanning.yml b/.github/secret_scanning.yml
new file mode 100644
index 0000000..d9874dd
--- /dev/null
+++ b/.github/secret_scanning.yml
@@ -0,0 +1,4 @@
+paths-ignore:
+ - "docs/**"
+ - "README.md"
+ - "**/README.md"
\ No newline at end of file
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
index ce4a542..d2e8c6b 100644
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -6,6 +6,7 @@ on:
 - main
 permissions:
+ attestations: write
 id-token: write
 contents: read
@@ -18,9 +19,7 @@ env:
 jobs:
 cicd:
 name: Build and Deploy to Azure Web App
- runs-on: ubuntu-latest
-
 steps:
 # Checkout the repo
 - uses: actions/checkout@v4
@@ -71,10 +70,13 @@ jobs:
 - name: logout
 run: |
 az logout
-
- uses: advanced-security/reusable-workflows/.github/workflows/container.yml@v0.2.0
- continue-on-error: true
- with:
- # This is used for tagging the container image
- version: v1.0.0
- container-file: ./src/webapp01/Dockerfile
\ No newline at end of file
+
+ # https://docs.github.com/en/actions/security-for-github-actions/using-artifact-attestations/using-artifact-attestations-and-reusable-workflows-to-achieve-slsa-v1-build-level-3
+ container-build-publish:
+ name: Build and Publish Container Image
+ needs: []
+ uses: advanced-security/reusable-workflows/.github/workflows/container.yml@v0.2.0
+ with:
+ # This is used for tagging the container image
+ version: v1.0.0
+ container-file: ./src/webapp01/Dockerfile
\ No newline at end of file
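Review bot: Ignoring `docs/**` in the new secret_scanning.yml switches detection off in exactly the directory where copy-pasted configuration snippets and sample credentials tend to land, so a real token committed inside a docs page would no longer be flagged; consider dropping the `docs/**` entry and excluding only generated or vendored content that genuinely cannot hold secrets. The `"**/README.md"` pattern already matches the top-level `"README.md"`, so one of those two entries is redundant. The new file also ends without a trailing newline.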
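Review bot: `attestations: write` is added at the workflow level, so it is granted to the `cicd` job as well, and nothing visible in that job's steps (checkout, Azure deploy, `az logout`) suggests it produces attestations; the only consumer appears to be the `container-build-publish` job added further down. Least privilege would leave the workflow-level block at `id-token: write` / `contents: read` and give the container job its own `permissions:` block listing `attestations: write`, `id-token: write` and `contents: read`, since a job-level `permissions:` replaces the workflow-level set rather than extending it. The `on:` block this hunk hangs off is cut off above the hunk.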
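Review bot: Deleting `runs-on: ubuntu-latest` from the `cicd` job leaves a job that still declares `steps:` (the checkout step is in this hunk's context, the `az logout` step in the next) with no runner, which GitHub Actions rejects when it parses the workflow; as far as the hunk shows no replacement `runs-on` is added, so the line should be restored: `    runs-on: ubuntu-latest`. Only a job that calls a reusable workflow via `uses:` may omit `runs-on`, and `cicd` is not being converted to one. The job body continues past the end of the hunk, so I cannot rule out a `runs-on` further down, but the deletion itself suggests none exists.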
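Review bot: The new `uses:` line pins the reusable workflow to the mutable tag `v0.2.0`, which is a weak anchor for a job whose stated purpose (per the linked document) is SLSA build-level provenance: whoever can move that tag changes what builds and attests the image. Pin it to the full commit SHA of the release and keep the tag in a trailing comment, e.g. `uses: advanced-security/reusable-workflows/.github/workflows/container.yml@<full-commit-sha>  # v0.2.0`. `needs: []` is a no-op — if the image build is meant to follow a successful deploy, as its old position inside `cicd` suggests, write `needs: [cicd]`, otherwise drop the key. The caller's workflow-level permissions do not include `packages: write`; if the called workflow pushes to GHCR it will need that scope granted here, which I cannot confirm without seeing it. The file still ends without a trailing newline.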