diff --git a/.commitlintrc.yaml b/.commitlintrc.yaml
new file mode 100644
index 0000000..522602e
--- /dev/null
+++ b/.commitlintrc.yaml
@@ -0,0 +1,28 @@
+---
+# The rules below have been manually copied from @commitlint/config-conventional
+# and match the v1.0.0 specification:
+# https://www.conventionalcommits.org/en/v1.0.0/#specification
+#
+# You can remove them and uncomment the config below when the following issue is
+# fixed: https://github.com/conventional-changelog/commitlint/issues/613
+#
+# extends:
+# - '@commitlint/config-conventional'
+rules:
+ body-leading-blank: [1, always]
+ body-max-line-length: [2, always, 100]
+ footer-leading-blank: [1, always]
+ footer-max-line-length: [2, always, 100]
+ header-max-length: [2, always, 100]
+ subject-case:
+ - 2
+ - never
+ - [sentence-case, start-case, pascal-case, upper-case]
+ subject-empty: [2, never]
+ subject-full-stop: [2, never, "."]
+ type-case: [2, always, lower-case]
+ type-empty: [2, never]
+ type-enum:
+ - 2
+ - always
+ - [build, chore, ci, docs, feat, fix, perf, refactor, revert, style, test]
diff --git a/.github/workflows/build_container.yml b/.github/workflows/build_container.yml
new file mode 100644
index 0000000..2ce7312
--- /dev/null
+++ b/.github/workflows/build_container.yml
@@ -0,0 +1,49 @@
+---
+name: Build and publish a 🛢️ container
+
+on:
+ push:
+ branches:
+ - 'main'
+ tags:
+ - '*'
+ workflow_dispatch:
+
+jobs:
+ build-and-push-container:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+ steps:
+ - name: Source checkout
+ uses: actions/checkout@v4
+
+ - name: Get commitlint version
+ id: get_version
+ run: echo "cl_version="$(jq -r '.dependencies."@commitlint/cli"' package.json | sed 's/\^//') >> $GITHUB_OUTPUT
+
+ # Parse ref_name and if it is main, change it to latest
+ - name: Set tag
+ id: set_tag
+ run: echo "tag=$(echo ${{ github.ref_name }} | sed 's/^main$/latest/')" >> $GITHUB_OUTPUT
+
+ - name: Build Vox Pupuli commitlint container
+ uses: voxpupuli/gha-build-and-publish-a-container@v2
+ with:
+ registry_password: ${{ secrets.GITHUB_TOKEN }}
+ build_arch: linux/amd64,linux/arm64
+ docker_username: voxpupulibot
+ docker_password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}
+ tags: |
+ ghcr.io/voxpupuli/commitlint:${{ steps.get_version.outputs.cl_version }}-${{ steps.set_tag.outputs.tag }}
+ ghcr.io/voxpupuli/commitlint:latest
+ docker.io/voxpupuli/commitlint:${{ steps.get_version.outputs.cl_version }}-${{ steps.set_tag.outputs.tag }}
+ docker.io/voxpupuli/commitlint:latest
+
+ - name: Update Docker Hub Description
+ uses: peter-evans/dockerhub-description@v4
+ with:
+ username: voxpupulibot
+ password: ${{ secrets.DOCKERHUB_BOT_PASSWORD }}
+ repository: voxpupuli/commitlint
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
new file mode 100644
index 0000000..29665f9
--- /dev/null
+++ b/.github/workflows/ci.yaml
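Review bot: The `Set tag` step in `.github/workflows/build_container.yml` expands `${{ github.ref_name }}` directly inside the `run:` script, so the ref name becomes part of the shell text before bash parses it, in a job that holds `packages: write` and `secrets.DOCKERHUB_BOT_PASSWORD`. Pass the value through the environment instead: add `env:` with `REF_NAME: ${{ github.ref_name }}` to the step and change the command to `run: echo "tag=$(printf '%s' "$REF_NAME" | sed 's/^main$/latest/')" >> "$GITHUB_OUTPUT"`. The workflow triggers on `tags: '*'` and `workflow_dispatch`, so the string is whatever name a pusher chose for the tag or branch. Separately, the two third-party actions that receive the Docker Hub password are referenced by mutable tag (`@v2`, `@v4`); pinning them to a full commit SHA would keep a retagged release from receiving the secret.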
@@ -0,0 +1,59 @@
+---
+name: CI🚦
+
+on:
+ pull_request:
+ branches:
+ - main
+ workflow_dispatch:
+
+jobs:
+ general_ci:
+ uses: voxpupuli/crafty/.github/workflows/general_ci.yaml@main
+ with:
+ shellcheck_scan_dir: '.'
+
+ build_test_container:
+ name: 'Build test container'
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Build image
+ uses: docker/build-push-action@v6
+ with:
+ tags: 'ci/test:${{ github.event.number }}'
+ push: false
+
+ tests:
+ needs:
+ - build_test_container
+ runs-on: ubuntu-latest
+ name: Test suite
+ steps:
+ - run: echo Test suite completed
+
+ dependabot:
+ permissions:
+ contents: write
+ name: 'Dependabot auto-merge'
+ needs:
+ - tests
+ runs-on: ubuntu-latest
+ if: ${{ github.actor == 'dependabot[bot]' && github.event_name == 'pull_request'}}
+ steps:
+ - name: Dependabot metadata
+ id: metadata
+ uses: dependabot/fetch-metadata@v2.2.0
+ with:
+ github-token: '${{ secrets.GITHUB_TOKEN }}'
+
+ - name: Enable auto-merge for Dependabot PRs
+ run: gh pr merge --auto --merge "$PR_URL"
+ env:
+ PR_URL: ${{github.event.pull_request.html_url}}
+ GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
diff --git a/.github/workflows/security_scanning.yml b/.github/workflows/security_scanning.yml
new file mode 100644
index 0000000..db5f5fb
--- /dev/null
+++ b/.github/workflows/security_scanning.yml
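Review bot: The `dependabot` job in `.github/workflows/ci.yaml` gates a `contents: write` auto-merge on `github.actor == 'dependabot[bot]'`, which identifies whoever triggered the run rather than the author of the pull request; checking the author is the stricter test, `if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' && github.event_name == 'pull_request' }}`. The `metadata` step's outputs are never read, so every update type, major version bumps included, is queued for merge; a condition on `steps.metadata.outputs.update-type` on the merge step would narrow that. The only job this one waits on, `tests`, just echoes a message, so unless branch protection requires other checks the effective gate is that the image builds. The reusable workflow `voxpupuli/crafty/.github/workflows/general_ci.yaml@main` is also referenced by branch name, so what it runs can change without a commit in this repository.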
@@ -0,0 +1,43 @@
+---
+name: Security Scanning 🕵️
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ build_test_container:
+ name: 'Build test container'
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Build local container
+ uses: docker/build-push-action@v6
+ with:
+ tags: 'ci/test:latest'
+ push: false
+
+ - name: Scan image with Anchore Grype
+ uses: anchore/scan-action@v5
+ id: scan
+ with:
+ image: 'ci/test:latest'
+ fail-build: false
+
+ - name: Inspect action SARIF report
+ run: jq . ${{ steps.scan.outputs.sarif }}
+
+ - name: Upload Anchore scan SARIF report
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: ${{ steps.scan.outputs.sarif }}
diff --git a/Dockerfile b/Dockerfile
index 58ff51d..8556612 100644
--- a/Dockerfile
+++ b/Dockerfile
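Review bot: The Grype step in `.github/workflows/security_scanning.yml` sets `fail-build: false` with no severity threshold, so a pull request that brings in a vulnerable base image or package still goes green and the findings are visible only in the code-scanning results. Consider `fail-build: true` with `severity-cutoff: high`, and add `if: always()` to the SARIF upload step so the report is still published when the scan fails the job. The `Inspect action SARIF report` step expands `${{ steps.scan.outputs.sarif }}` unquoted into the shell line; passing it through `env:` and running `jq . "$SARIF_FILE"` avoids word splitting and keeps expression text out of the script. On pull requests from forks the token is presumably read-only, so the upload step may fail there despite `security-events: write`; that is worth confirming.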
@@ -1,39 +1,39 @@
-FROM node:23.1.0-alpine3.20 AS build
-
-WORKDIR /npm
-COPY package.json /npm
-
-RUN npm install
-
-###############################################################################
-
-FROM node:23.1.0-alpine3.20 AS final
-
-LABEL org.label-schema.maintainer="Voxpupuli Team " \
- org.label-schema.vendor="Voxpupuli" \
- org.label-schema.url="https://github.com/voxpupuli/container-commitlint" \
- org.label-schema.name="Vox Pupuli Container for commitlint" \
- org.label-schema.license="AGPL-3.0-or-later" \
- org.label-schema.vcs-url="https://github.com/voxpupuli/container-commitlint" \
- org.label-schema.schema-version="1.0" \
- org.label-schema.dockerfile="/Dockerfile"
-
-COPY Dockerfile /
-COPY docker-entrypoint.sh /
-COPY docker-entrypoint.d /docker-entrypoint.d
-COPY --from=build /npm /npm
-
-RUN apk update && apk upgrade \
- && apk add --no-cache --update bash git \
- && chmod +x /docker-entrypoint.sh
- # && chmod +x /docker-entrypoint.d/*.sh
-
-# fix ENOGITREPO Not running from a git repository.
-RUN git config --global --add safe.directory '*'
-
-WORKDIR /data
-
-ENV PATH="$PATH:/npm/node_modules/.bin"
-ENV NODE_OPTIONS="--use-openssl-ca"
-
-ENTRYPOINT [ "/docker-entrypoint.sh" ]
+FROM node:23.1.0-alpine3.20 AS build
+
+WORKDIR /npm
+COPY package.json /npm
+
+RUN npm install
+
+###############################################################################
+
+FROM node:23.1.0-alpine3.20 AS final
+
+LABEL org.label-schema.maintainer="Voxpupuli Team " \
+ org.label-schema.vendor="Voxpupuli" \
+ org.label-schema.url="https://github.com/voxpupuli/container-commitlint" \
+ org.label-schema.name="Vox Pupuli Container for commitlint" \
+ org.label-schema.license="AGPL-3.0-or-later" \
+ org.label-schema.vcs-url="https://github.com/voxpupuli/container-commitlint" \
+ org.label-schema.schema-version="1.0" \
+ org.label-schema.dockerfile="/Dockerfile"
+
+COPY Dockerfile /
+COPY docker-entrypoint.sh /
+COPY docker-entrypoint.d /docker-entrypoint.d
+COPY --from=build /npm /npm
+
+RUN apk update && apk upgrade \
+ && apk add --no-cache --update bash git \
+ && chmod +x /docker-entrypoint.sh \
+ # fix ENOGITREPO Not running from a git repository.
+ && git config --global --add safe.directory '*'
+ # && chmod +x /docker-entrypoint.d/*.sh
+
+WORKDIR /data
+
+ENV PATH="$PATH:/npm/node_modules/.bin"
+ENV NODE_OPTIONS="--use-openssl-ca"
+
+ENTRYPOINT [ "/docker-entrypoint.sh" ]
+CMD [ "--last" ]
diff --git a/README.md b/README.md
index bece9f2..7011988 100644
--- a/README.md
+++ b/README.md
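Review bot: The rewritten `RUN` chain in the Dockerfile keeps `git config --global --add safe.directory '*'`, which switches off git's repository-ownership check for every path in the container rather than only the mounted work tree. The README mounts the repository at `/data`, so the exception could be scoped with `&& git config --global --add safe.directory /data`; if callers mount the checkout elsewhere, that assumption needs confirming first. The final stage has no `USER` instruction, so git and commitlint run as root against the bind-mounted checkout. In the build stage only `package.json` is copied before `npm install`, so dependency versions are resolved at image build time; copying a lockfile and using `npm ci` would make the published image reproducible, provided the repository has one (not visible in this diff).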
@@ -1 +1,70 @@
 # Vox Pupuli Commitlint Container
+
+[![CI](https://github.com/voxpupuli/container-commitlint/actions/workflows/ci.yaml/badge.svg)](https://github.com/voxpupuli/container-commitlint/actions/workflows/ci.yaml)
+[![License](https://img.shields.io/github/license/voxpupuli/container-commitlint.svg)](https://github.com/voxpupuli/container-commitlint/blob/main/LICENSE)
+[![Sponsored by betadots GmbH](https://img.shields.io/badge/Sponsored%20by-betadots%20GmbH-blue.svg)](https://www.betadots.de)
+
+This container can be used to lint commits.
+It encapsulates [commitlint](https://github.com/conventional-changelog/commitlint) and all necessary plugins.
+See [package.json](package.json) for details. This is a npm application running in an alpine container.
+
+## Usage
+
+### Lint last commit only
+
+```shell
+podman run -it --rm -v $PWD:/data ghcr.io/voxpupuli/commitlint:latest
+# or (but thats the default)
+podman run -it --rm -v $PWD:/data ghcr.io/voxpupuli/commitlint:latest --last
+```
+
+### Lint all commits from a branch
+
+```shell
+podman run -it --rm -v $PWD:/data ghcr.io/voxpupuli/commitlint:latest \
+ --from $(git merge-base $(git symbolic-ref refs/remotes/origin/HEAD --short) HEAD) \
+ --to HEAD
+```
+
+### More options
+
+For more options see:
+
+```shell
+podman run -it --rm -v $PWD:/data ghcr.io/voxpupuli/commitlint:latest --help
+```
+
+### Example commitlint config
+
+See [.commitlint.yaml](.commitlintrc.yaml)
+
+```yaml
+---
+# The rules below have been manually copied from @commitlint/config-conventional
+# and match the v1.0.0 specification:
+# https://www.conventionalcommits.org/en/v1.0.0/#specification
+#
+# You can remove them and uncomment the config below when the following issue is
+# fixed: https://github.com/conventional-changelog/commitlint/issues/613
+#
+# extends:
+# - '@commitlint/config-conventional'
+rules:
+ body-leading-blank: [1, always]
+ body-max-line-length: [2, always, 100]
+ footer-leading-blank: [1, always]
+ footer-max-line-length: [2, always, 100]
+ header-max-length: [2, always, 100]
+ subject-case:
+ - 2
+ - never
+ - [sentence-case, start-case, pascal-case, upper-case]
+ subject-empty: [2, never]
+ subject-full-stop: [2, never, "."]
+ type-case: [2, always, lower-case]
+ type-empty: [2, never]
+ type-enum:
+ - 2
+ - always
+ - [build, chore, ci, docs, feat, fix, perf, refactor, revert, style, test]
+```
diff --git a/commitlint.config.js b/commitlint.config.js
deleted file mode 100644
index 6521bd8..0000000
--- a/commitlint.config.js
+++ /dev/null
@@ -1,19 +0,0 @@
-export default {
- extends: ['@commitlint/config-conventional'],
- /*
- * Resolve and load conventional-changelog-atom from node_modules.
- * Referenced packages must be installed
- */
- parserPreset: 'conventional-changelog-atom',
- /*
- * Resolve and load @commitlint/format from node_modules.
- * Referenced package must be installed
- */
- formatter: '@commitlint/format',
- /*
- * Any rules defined here will override rules from @commitlint/config-conventional
- */
- rules: {
- 'type-enum': [2, 'always', ['foo']],
- },
- };