diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 5c377ddb54fe427e3a36fa96cf85d58c141fc826..62304fc8be5824719259cc2b3f08c5177c8b81a5 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -87,7 +87,7 @@ build-release:
 paths:
 - app/build/outputs/apk/release
-analysis:
+code-quality:
 stage: code-quality
 <<: *build_rules
 needs:
@@ -99,7 +99,7 @@ analysis:
 - app/build/reports/
 - build/reports/
-tests:
+unit-tests:
 stage: code-quality
 <<: *build_rules
 needs:
@@ -117,6 +117,79 @@ tests:
 coverage_format: jacoco
 path: app/build/reports/jacoco/jacocoReleaseReport/jacocoReleaseReport.xml
+code-security:
+ image: semgrep/semgrep:latest
+ stage: code-quality
+ <<: *build_rules
+ needs: []
+ script:
+ - semgrep scan --config=auto --error --json-output semgrep-report.json --junit-xml-output semgrep-junit.xml .
+ artifacts:
+ when: always
+ reports:
+ junit: semgrep-junit.xml
+ paths:
+ - semgrep-report.json
+ - semgrep-junit.xml
+
+secret-scan:
+ image:
+ name: zricethezav/gitleaks:latest
+ entrypoint: [""]
+ stage: code-quality
+ <<: *build_rules
+ needs: []
+ script:
+ - gitleaks detect --source . --no-git --redact --exit-code 1 --report-format junit --report-path gitleaks-junit.xml
+ artifacts:
+ when: always
+ reports:
+ junit: gitleaks-junit.xml
+ paths:
+ - gitleaks-junit.xml
+
+high-critical-scan:
+ image:
+ name: aquasec/trivy:latest
+ entrypoint: [""]
+ stage: code-quality
+ <<: *build_rules
+ needs: []
+ variables:
+ TRIVY_CACHE_DIR: ".trivycache/"
+ script:
+ - trivy fs --severity HIGH,CRITICAL --exit-code 1 --no-progress --format template --template "@/contrib/junit.tpl" --output trivy-fs-junit.xml .
+ artifacts:
+ when: always
+ reports:
+ junit: trivy-fs-junit.xml
+ paths:
+ - trivy-fs-junit.xml
+
+dependency-vuln-scan:
+ image: owasp/dependency-check:latest
+ stage: code-quality
+ <<: *build_rules
+ needs: []
+ variables:
+ DEPENDENCY_CHECK_DATA: ".dependency-check-data"
+ script:
+ - mkdir -p dependency-check-report
+ - |
+ if [ -n "$NVD_API_KEY" ]; then
+ dependency-check.sh --scan . --project "$CI_PROJECT_PATH_SLUG" --data "$DEPENDENCY_CHECK_DATA" --format "JSON" --format "HTML" --format "JUNIT" --out dependency-check-report --nvdApiKey "$NVD_API_KEY" --failOnCVSS 7 --junitFailOnCVSS 7
+ else
+ dependency-check.sh --scan . --project "$CI_PROJECT_PATH_SLUG" --data "$DEPENDENCY_CHECK_DATA" --format "JSON" --format "HTML" --format "JUNIT" --out dependency-check-report --failOnCVSS 7 --junitFailOnCVSS 7
+ fi
+ artifacts:
+ when: always
+ reports:
+ junit:
+ - dependency-check-report/*junit*.xml
+ - dependency-check-report/*JUNIT*.xml
+ paths:
+ - dependency-check-report/
+
 generate-apks:
 stage: build
 <<: *rules_publish
diff --git a/README.md b/README.md
index 8c111574126cba9060e085586ee53ebf8ce5561e..2c8587d738a0fb3780e87801293db9d3b224ba7b 100644
--- a/README.md
+++ b/README.md
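Review bot: Every scanner image in the four new jobs is pulled by the mutable `latest` tag (`semgrep/semgrep:latest`, `zricethezav/gitleaks:latest`, `aquasec/trivy:latest`, `owasp/dependency-check:latest`), so tools that gate the pipeline can change underneath it without any commit, and a broken or tampered upstream tag is pulled straight into CI; pin each to a release tag, or better a digest, e.g. `image: semgrep/semgrep:<pinned-version>@sha256:<image-digest>`, and do the same for the other three jobs. The same run-to-run drift applies to `semgrep scan --config=auto`, which chooses its rule set at scan time, so a fixed ruleset or a vendored rules file would keep findings comparable between runs. In `secret-scan`, `gitleaks detect --source . --no-git` inspects only the checked-out tree, so a secret that was committed and later removed is not reported; this may be deliberate if the runner clones shallowly, but it deserves a comment such as `# --no-git: working tree only, commit history is not scanned` so the gap is visible. Lastly, the two `dependency-check.sh` invocations differ only by `--nvdApiKey`, so building that optional flag into a shell variable and calling the tool once would stop the two branches drifting apart.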
@@ -1,3 +1,11 @@
+[![build-release](https://gitlab.e.foundation/e/os/apps/badges/000-os-security-ci-tools/pipeline.svg?job=build-release&key_text=Build%20Release&key_width=120)](https://gitlab.e.foundation/e/os/apps/-/jobs?name=build-release&kind=BUILD)
+[![code-quality](https://gitlab.e.foundation/e/os/apps/badges/000-os-security-ci-tools/pipeline.svg?job=code-quality&key_text=Code%20Quality&key_width=120)](https://gitlab.e.foundation/e/os/apps/-/jobs?name=code-quality&kind=BUILD)
+[![unit-tests](https://gitlab.e.foundation/e/os/apps/badges/000-os-security-ci-tools/pipeline.svg?job=unit-tests&key_text=Unit%20Tests&key_width=120)](https://gitlab.e.foundation/e/os/apps/-/jobs?name=unit-tests&kind=BUILD)
+[![code-security](https://gitlab.e.foundation/e/os/apps/badges/000-os-security-ci-tools/pipeline.svg?job=code-security&key_text=Code%20Security&key_width=120)](https://gitlab.e.foundation/e/os/apps/-/jobs?name=code-security&kind=BUILD)
+[![secret-scan](https://gitlab.e.foundation/e/os/apps/badges/000-os-security-ci-tools/pipeline.svg?job=secret-scan&key_text=Secret%20Scan&key_width=120)](https://gitlab.e.foundation/e/os/apps/-/jobs?name=secret-scan&kind=BUILD)
+[![high-critical-scan](https://gitlab.e.foundation/e/os/apps/badges/000-os-security-ci-tools/pipeline.svg?job=high-critical-scan&key_text=High%2FCritical&key_width=120)](https://gitlab.e.foundation/e/os/apps/-/jobs?name=high-critical-scan&kind=BUILD)
+[![dependency-vuln-scan](https://gitlab.e.foundation/e/os/apps/badges/000-os-security-ci-tools/pipeline.svg?job=dependency-vuln-scan&key_text=Dependency%20Vuln&key_width=130)](https://gitlab.e.foundation/e/os/apps/-/jobs?name=dependency-vuln-scan&kind=BUILD)
+
 # App Lounge
 App Lounge is an open-source application that allows you to install Android apps on your device quickly and easily. It is licensed and distributed under [The GNU General Public License v3.0](https://www.gnu.org/licenses/gpl-3.0.en.html).