diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..c7527f4
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,13 @@
+version: 2
+updates:
+ - package-ecosystem: pip
+ directory: /
+ schedule:
+ interval: weekly
+ open-pull-requests-limit: 10
+
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: weekly
+ open-pull-requests-limit: 5
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index e7c257d..9faa812 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -29,4 +29,4 @@ jobs:
 run: uv run ruff check src/ tests/
 - name: Run tests
- run: uv run pytest --tb=short -v
+ run: uv run pytest --tb=short -v --cov=hippofloop --cov-report=term-missing
diff --git a/.gitignore b/.gitignore
index 76f5089..94f5b9b 100644
--- a/.gitignore
+++ b/.gitignore
@@ -30,3 +30,4 @@ wandb/
 # Infisical
 .infisical.json
+.coverage
diff --git a/README.md b/README.md
index a7b951f..5fc65ca 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,10 @@
 # hippofloop
+[![Tests](https://github.com/nvandessel/hippofloop/actions/workflows/test.yml/badge.svg)](https://github.com/nvandessel/hippofloop/actions/workflows/test.yml)
+[![CodeQL](https://github.com/nvandessel/hippofloop/actions/workflows/github-code-scanning/codeql/badge.svg)](https://github.com/nvandessel/hippofloop/security/code-scanning)
+[![License](https://img.shields.io/github/license/nvandessel/hippofloop)](LICENSE)
+[![Python](https://img.shields.io/badge/python-3.11+-blue.svg)](https://python.org)
+
 > [!WARNING]
 > This project is under active development and not yet ready for production use.
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..26ed3fc
--- /dev/null
+++ b/SECURITY.md
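Review bot: In `.github/dependabot.yml`, the first update entry uses `package-ecosystem: pip`, but the test workflow touched by this same commit runs everything through `uv run`, which suggests the project is resolved by uv and probably has a `uv.lock` (not visible in this diff). If that is the case, the pip ecosystem is likely to bump the manifest without refreshing the lockfile, so version and security updates would not reach what CI actually installs. Consider `- package-ecosystem: uv` for that entry, and confirm after the first scheduled run that the pull requests also modify the lockfile. A short comment above each entry, such as `# Python dependencies resolved by uv` and `# Action versions used under .github/workflows`, would document what each block is meant to cover.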
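Review bot: In `.github/workflows/test.yml`, the new `--cov=hippofloop --cov-report=term-missing` arguments on the "Run tests" step only work if pytest-cov is installed in the environment that `uv run` resolves. Nothing in this commit adds it, so if it is not already a dev dependency the step will fail on unrecognised arguments. The report is also purely informational as written, so a drop in coverage will not fail the job. If gating is intended, append `--cov-fail-under=<threshold>` to the same line, where `<threshold>` is a placeholder for a project-chosen value. The job and step definitions begin outside this hunk, so the install step could not be checked from here.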
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported |
+|---------|--------------------|
+| 0.x | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+If you discover a security vulnerability, please report it responsibly:
+
+1. **Do not** open a public issue
+2. Open a [private security advisory](https://github.com/nvandessel/hippofloop/security/advisories/new) on GitHub
+3. Include: description, steps to reproduce, and potential impact
+
+You can expect an initial response within 72 hours.