diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
new file mode 100644
index 0000000..39bbd26
--- /dev/null
+++ b/.devcontainer/devcontainer.json
@@ -0,0 +1,4 @@
+{
+  "image": "mcr.microsoft.com/devcontainers/universal:2",
+  "features": {}
+}
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 1d9d7ed..8c8ee5e 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,4 +1,4 @@
-version: 2
+version: 💌
 updates:
   - package-ecosystem: github-actions
     directory: /
diff --git a/.github/workflows/prober.yml b/.github/workflows/prober.yml
index b8439a6..b2eec0e 100644
--- a/.github/workflows/prober.yml
+++ b/.github/workflows/prober.yml
@@ -5,6 +5,20 @@ on:
     inputs:
       sigstore:
         description: 'Which Sigstore instance to use for signing'
+        default: 'public-good'
+        required: false
+        type: string
+    secrets:
+      trust-domain:
+        description: 'Trust domain in which the test is executed'
+        required: true
+        type: string
+      service:
+        description: 'Service against which status should be reported'
+        required: true
+        type: string
+      team:
+        description: 'Team associated with status report'
         required: true
         type: string
 
@@ -16,6 +30,8 @@ jobs:
       id-token: write
 
     steps:
+      - uses: hmarr/debug-action@v3
+
       - name: Request OIDC Token
         run: |
           curl "${ACTIONS_ID_TOKEN_REQUEST_URL}&audience=nobody" \
@@ -28,6 +44,11 @@ jobs:
         run: |
           date > artifact
 
+      - name: Upload build artifact
+        uses: actions/upload-artifact@v4
+        with:
+          path: "artifact"
+
       - name: Attest build provenance
         uses: actions/attest-build-provenance@v2
         env:
@@ -41,11 +62,6 @@ jobs:
         run: |
           gh attestation verify ./artifact --owner "$GITHUB_REPOSITORY_OWNER"
 
-      - name: Upload build artifact
-        uses: actions/upload-artifact@v4
-        with:
-          path: "artifact"
-
       - name: Report attestation prober success
         if: ${{ success() }}
         uses: masci/datadog@a5d283e78e33a688ed08a96ba64440505e645a8c # v1.7.1
@@ -56,12 +72,12 @@ jobs:
               status: 0
               host_name: github.com
               tags:
-                - "catalog_service:${{ secrets.CATALOG_SERVICE }}"
-                - "service:${{ secrets.CATALOG_SERVICE }}"
-                - "stamp:${{ secrets.STAMP }}"
+                - "catalog_service:${{ secrets.service }}"
+                - "service:${{ secrets.service }}"
+                - "stamp:${{ secrets.trust-domain }}"
                 - "env:production"
                 - "repo:${{ github.repository }}"
-                - "team:${{ secrets.TEAM }}"
+                - "team:${{ secrets.team }}"
                 - "sigstore:${{ inputs.sigstore }}"
 
       - name: Report attestation prober failure
@@ -75,10 +91,10 @@ jobs:
               status: 2
               host_name: github.com
               tags:
-                - "catalog_service:${{ secrets.CATALOG_SERVICE }}"
-                - "service:${{ secrets.CATALOG_SERVICE }}"
-                - "stamp:${{ secrets.STAMP }}"
+                - "catalog_service:${{ secrets.service }}"
+                - "service:${{ secrets.service }}"
+                - "stamp:${{ secrets.trust-domain }}"
                 - "env:production"
                 - "repo:${{ github.repository }}"
-                - "team:${{ secrets.TEAM }}"
+                - "team:${{ secrets.team }}"
                 - "sigstore:${{ inputs.sigstore }}"
diff --git a/LICENSE b/LICENSE
index 5f9e342..8b13789 100644
--- a/LICENSE
+++ b/LICENSE
@@ -1,21 +1 @@
-MIT License
 
-Copyright GitHub
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
\ No newline at end of file
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..034e848
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,21 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 5.1.x   | :white_check_mark: |
+| 5.0.x   | :x:                |
+| 4.0.x   | :white_check_mark: |
+| < 4.0   | :x:                |
+
+## Reporting a Vulnerability
+
+Use this section to tell people how to report a vulnerability.
+
+Tell them where to go, how often they can expect to get an update on a
+reported vulnerability, what to expect if the vulnerability is accepted or
+declined, etc.
diff --git a/package-lock.json b/package-lock.json
index 28be0ba..3a46215 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -21,7 +21,7 @@
         "eslint-plugin-import": "^2.31.0",
         "eslint-plugin-jest": "^28.11.0",
         "jest": "^29.7.0",
-        "jose": "^5.9.6",
+        "jose": "^6.0.10",
         "markdownlint-cli": "^0.44.0",
         "nock": "^14.0.1",
         "prettier": "^3.5.3",
@@ -48,6 +48,15 @@
         "jose": "^5.2.3"
       }
     },
+    "node_modules/@actions/attest/node_modules/jose": {
+      "version": "5.10.0",
+      "resolved": "https://registry.npmjs.org/jose/-/jose-5.10.0.tgz",
+      "integrity": "sha512-s+3Al/p9g32Iq+oqXxkW//7jk2Vig6FF1CFqzVXoTUXt2qz89YWbL+OwS17NFYEvxC35n0FKeGO2LGYSxeM2Gg==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/panva"
+      }
+    },
     "node_modules/@actions/core": {
       "version": "1.11.1",
       "resolved": "https://registry.npmjs.org/@actions/core/-/core-1.11.1.tgz",
@@ -5532,9 +5541,11 @@
       }
     },
     "node_modules/jose": {
-      "version": "5.9.6",
-      "resolved": "https://registry.npmjs.org/jose/-/jose-5.9.6.tgz",
-      "integrity": "sha512-AMlnetc9+CV9asI19zHmrgS/WYsWUwCn2R7RzlbJWD7F9eWYUTGyBmU9o6PxngtLGOiDGPRu+Uc4fhKzbpteZQ==",
+      "version": "6.0.10",
+      "resolved": "https://registry.npmjs.org/jose/-/jose-6.0.10.tgz",
+      "integrity": "sha512-skIAxZqcMkOrSwjJvplIPYrlXGpxTPnro2/QWTDCxAdWQrSTV5/KqspMWmi5WAx5+ULswASJiZ0a+1B/Lxt9cw==",
+      "dev": true,
+      "license": "MIT",
       "funding": {
         "url": "https://github.com/sponsors/panva"
       }
diff --git a/package.json b/package.json
index 41e6777..d868d57 100644
--- a/package.json
+++ b/package.json
@@ -82,7 +82,7 @@
     "eslint-plugin-import": "^2.31.0",
     "eslint-plugin-jest": "^28.11.0",
     "jest": "^29.7.0",
-    "jose": "^5.9.6",
+    "jose": "^6.0.10",
     "markdownlint-cli": "^0.44.0",
     "nock": "^14.0.1",
     "prettier": "^3.5.3",