diff --git a/.github/workflows/check-broken-links.yml b/.github/workflows/check-broken-links.yml
index 63e9329..729999b 100644
--- a/.github/workflows/check-broken-links.yml
+++ b/.github/workflows/check-broken-links.yml
@@ -22,6 +22,8 @@ jobs:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Check - container
+        # Unpinned Actions Full Length Commit SHA
+        # kics-scan ignore-line
         uses: ./
         with:
           url: https://rust-lang.github.io/mdBook/
@@ -73,6 +75,7 @@ jobs:
         run: ./entrypoint.sh
 
       - name: Check links using container
+        # kics-scan ignore-line
         uses: ./
         with:
           url: https://my-testing-domain.com
diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index d350df1..678fa47 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -6,7 +6,6 @@ on:
     paths:
       - Dockerfile
       - .dockerignore
-      - .hadolint.yaml
       - entrypoint.sh
       - .github/workflows/docker-image.yml
   push:
@@ -15,7 +14,6 @@ on:
     paths:
       - Dockerfile
       - .dockerignore
-      - .hadolint.yaml
       - entrypoint.sh
       - .github/workflows/docker-image.yml
 
diff --git a/.github/workflows/markdown-check.yml b/.github/workflows/markdown-check.yml
index 707a6e9..4448bf8 100644
--- a/.github/workflows/markdown-check.yml
+++ b/.github/workflows/markdown-check.yml
@@ -7,7 +7,6 @@ on:
       - "**.md"
       - .github/workflows/markdown-check.yml
       - .markdownlint.yml
-      - .spelling
   push:
     branches:
       - main
@@ -15,7 +14,6 @@ on:
       - "**.md"
       - .github/workflows/markdown-check.yml
       - .markdownlint.yml
-      - .spelling
 
 permissions: read-all
 
@@ -29,24 +27,9 @@ jobs:
         uses: ruzickap/action-my-markdown-linter@919d3735df9bbc094d206521a774133ec8f3c4ca # v1.1.0
         with:
           exclude: |
+            tests/
             CHANGELOG.md
 
-  markdown-spell-check:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
-      - name: Install Node.js 12
-        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
-        with:
-          node-version: 12.x
-
-      - name: Install markdown-spellcheck
-        run: npm install -g markdown-spellcheck
-
-      - name: Run mdspell
-        run: find . -type f \( -name "*.md" ! -name "CHANGELOG.md" \) -print0 | xargs -0 --max-args=1 --verbose mdspell --ignore-numbers --ignore-acronyms --report --en-gb
-
   markdown-link-check:
     runs-on: ubuntu-latest
     steps:
@@ -56,4 +39,5 @@ jobs:
         uses: ruzickap/action-my-markdown-link-checker@e7e8635735a15a86b081f8255022bcc251cc9003 # v1.2.0
         with:
           exclude: |
+            tests/
             CHANGELOG.md
diff --git a/.mega-linter.yml b/.mega-linter.yml
index a834394..48baab4 100644
--- a/.mega-linter.yml
+++ b/.mega-linter.yml
@@ -5,9 +5,6 @@ BASH_SHFMT_ARGUMENTS: --indent 2 --space-redirects
 
 DISABLE_LINTERS:
   - MARKDOWN_MARKDOWN_LINK_CHECK # Using lychee instead
-  - REPOSITORY_DEVSKIM
-  - REPOSITORY_KICS
-  - REPOSITORY_TRIVY
   - SPELL_CSPELL
 
 # Remove: To receive reports as email, please set variable EMAIL_REPORTER_EMAIL
diff --git a/.spelling b/.spelling
deleted file mode 100644
index 8e5ace3..0000000
--- a/.spelling
+++ /dev/null
@@ -1,18 +0,0 @@
-awsug.cz
-awsugcz
-entrypoint.sh
-GitBook
-github.io
-google.com
-hostname
-hugo-build
-k8s-harbor
-mdBook
-MkDocs
-mkdocs.org
-muffet
-ruzickap
-VuePress
-vuepress-build-check-deploy
-xvx.cz
-yml
diff --git a/Dockerfile b/Dockerfile
index 47ac3d1..a8660d1 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.19
+FROM alpine:latest
 
 LABEL maintainer="Petr Ruzicka <petr.ruzicka@gmail.com>"
 LABEL repository="https://github.com/ruzickap/action-my-broken-link-checker"
@@ -20,9 +20,11 @@ SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
 # - https://github.com/docker/docker-ce/blob/v17.09.0-ce/components/engine/hack/make.sh#L149
 # - https://github.com/golang/go/blob/go1.9.1/src/net/conf.go#L194-L275
 # - docker run --rm debian:stretch grep '^hosts:' /etc/nsswitch.conf
+
+# kics-scan ignore-block
 RUN set -eux && \
     test -e /etc/nsswitch.conf || echo 'hosts: files dns' > /etc/nsswitch.conf && \
-    apk add --no-cache bash ca-certificates wget && \
+    apk add --no-cache bash ca-certificates sudo wget && \
     if [ "${MUFFET_VERSION}" = "latest" ]; then \
       MUFFET_URL=$(wget -qO- https://api.github.com/repos/raviqqe/muffet/releases/latest | grep "browser_download_url.*/muffet_linux_amd64.tar.gz" | cut -d \" -f 4) ; \
     else \
@@ -38,4 +40,6 @@ RUN set -eux && \
 
 COPY entrypoint.sh /entrypoint.sh
 
+HEALTHCHECK NONE
+
 ENTRYPOINT [ "/entrypoint.sh" ]
diff --git a/entrypoint.sh b/entrypoint.sh
index ac844bf..0f4ad58 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -43,7 +43,8 @@ print_info() {
 # Remove all added files or changed /etc/hosts entry
 cleanup() {
   if [ -n "${PAGES_PATH}" ]; then
-    $sudo_cmd bash -c "sed -i \"/127.0.0.1 ${PAGES_DOMAIN}  # Created by my-broken-link-checker/d\" /etc/hosts || true"
+    # Ignore DevSkim - Accessing localhost could indicate debug code, or could hinder scaling.
+    $sudo_cmd bash -c "sed -i \"/127.0.0.1 ${PAGES_DOMAIN}  # Created by my-broken-link-checker/d\" /etc/hosts || true"  # DevSkim: ignore DS162092
     $sudo_cmd caddy stop &> /dev/null
     [ -f "${CADDYFILE}" ] && rm "${CADDYFILE}"
     [ -f "${CADDY_LOG}" ] && rm "${CADDY_LOG}"
diff --git a/tests/run_tests.sh b/tests/run_tests.sh
index d735179..9a4f8e5 100755
--- a/tests/run_tests.sh
+++ b/tests/run_tests.sh
@@ -17,13 +17,13 @@ export INPUT_URL="https://xvx.cz:443"
 export INPUT_URL="https://debian.cz:443/info/"
 ../entrypoint.sh
 
-export INPUT_URL="http://debian.cz/info"
+export INPUT_URL="http://debian.cz/info"  # DevSkim: ignore DS137138
 ../entrypoint.sh
 
 echo -e "\n\n\e[32m!!! Test locally stored web pages (PAGES_PATH)\e[m"
 export INPUT_CMD_PARAMS="--skip-tls-verification --verbose --color=always"
 
-export INPUT_URL="http://my-testing-domain.com/index2.html"
+export INPUT_URL="http://my-testing-domain.com/index2.html"  # DevSkim: ignore DS137138
 export INPUT_PAGES_PATH="${PWD}"
 ../entrypoint.sh
 
@@ -43,7 +43,7 @@ export INPUT_PAGES_PATH="${PWD}"
 export INPUT_CMD_PARAMS="--skip-tls-verification --verbose --color=always"
 docker run --rm -t -e INPUT_DEBUG -e INPUT_URL -e INPUT_CMD_PARAMS -e INPUT_PAGES_PATH -v "$INPUT_PAGES_PATH:$INPUT_PAGES_PATH" my-broken-link-checker-test
 
-export INPUT_URL="http://my-testing-domain.com/index2.html"
+export INPUT_URL="http://my-testing-domain.com/index2.html"  # DevSkim: ignore DS137138
 export INPUT_PAGES_PATH="${PWD}"
 export INPUT_CMD_PARAMS="--verbose --color=always"
 docker run --rm -t -e INPUT_DEBUG -e INPUT_URL -e INPUT_CMD_PARAMS -e INPUT_PAGES_PATH -v "$INPUT_PAGES_PATH:$INPUT_PAGES_PATH" my-broken-link-checker-test