diff --git a/.gitignore b/.gitignore
index 79b22ebd..fac77e79 100644
--- a/.gitignore
+++ b/.gitignore
@@ -113,3 +113,6 @@ Temporary Items
 npm-debug.log*
 yarn-debug.log*
 yarn-error.log*
+
+.env
+.bin/
diff --git a/Makefile b/Makefile
index 174613ba..52cac241 100644
--- a/Makefile
+++ b/Makefile
@@ -1,4 +1,4 @@
-MAKEFILES_VERSION=9.1.0
+MAKEFILES_VERSION=9.2.0
 
 .DEFAULT_GOAL:=dogu-release
 
diff --git a/build/make/bats.mk b/build/make/bats.mk
index ce1319c9..7e73553d 100644
--- a/build/make/bats.mk
+++ b/build/make/bats.mk
@@ -9,7 +9,7 @@ BATS_SUPPORT=$(BATS_LIBRARY_DIR)/bats-support
 BATS_FILE=$(BATS_LIBRARY_DIR)/bats-file
 BATS_BASE_IMAGE?=bats/bats
 BATS_CUSTOM_IMAGE?=cloudogu/bats
-BATS_TAG?=1.2.1
+BATS_TAG?=1.11.0
 BATS_DIR=build/make/bats
 BATS_WORKDIR="${WORKDIR}"/"${BATS_DIR}"
 
diff --git a/build/make/bats/Dockerfile b/build/make/bats/Dockerfile
index 428ee057..7167a941 100644
--- a/build/make/bats/Dockerfile
+++ b/build/make/bats/Dockerfile
@@ -1,7 +1,9 @@
 ARG BATS_BASE_IMAGE
 ARG BATS_TAG
 
-FROM ${BATS_BASE_IMAGE}:${BATS_TAG}
+FROM ${BATS_BASE_IMAGE:-bats/bats}:${BATS_TAG:-1.11.0}
 
 # Make bash more findable by scripts and tests
 RUN apk add make git bash
+# suppress git "detected dubious ownership" error/warning for repos which are checked out later
+RUN git config --global --add safe.directory /workspace
\ No newline at end of file
diff --git a/build/make/vulnerability-scan.mk b/build/make/vulnerability-scan.mk
new file mode 100644
index 00000000..5698206d
--- /dev/null
+++ b/build/make/vulnerability-scan.mk
@@ -0,0 +1,13 @@
+##@ Vulnerability scan
+
+GOVULNCHECK_BIN=${UTILITY_BIN_PATH}/govulncheck
+GOVULNCHECK_VERSION?=latest
+
+${GOVULNCHECK_BIN}: ${UTILITY_BIN_PATH}
+	$(call go-get-tool,$(GOVULNCHECK_BIN),golang.org/x/vuln/cmd/govulncheck@$(GOVULNCHECK_VERSION))
+
+.PHONY: govulncheck
+govulncheck: ${GOVULNCHECK_BIN} ## This target is used to scan the go repository against known vulnerabilities
+	@echo "Start vulnerability against repository"
+	${GOVULNCHECK_BIN} -show verbose ./...
+	@echo "Finished scan"
\ No newline at end of file