diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3fe1e65..91492f4 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -33,6 +33,15 @@ jobs: skip-cache: true - name: Check code run: make check + - name: Run Gosec Security Scanner + uses: securego/gosec@v2.21.4 + with: + args: ./... + - name: Bearer + uses: bearer/bearer-action@v2 + with: + scanner: secrets,sast + diff: true - name: Run tests run: make test-all - name: Install plugin diff --git a/pkg/generator.go b/pkg/generator.go index 90f562b..d1f469c 100644 --- a/pkg/generator.go +++ b/pkg/generator.go @@ -5,6 +5,7 @@ import ( "errors" "fmt" "os" + "path/filepath" "strings" "gopkg.in/yaml.v3" @@ -37,7 +38,7 @@ func GenerateJsonSchema(config *Config) error { // Iterate over the input YAML files for _, filePath := range config.Input { - content, err := os.ReadFile(filePath) + content, err := os.ReadFile(filepath.Clean(filePath)) if err != nil { return errors.New("error reading YAML file(s)") } @@ -110,7 +111,7 @@ func GenerateJsonSchema(config *Config) error { // Write the JSON schema to the output file outputPath := config.OutputPath - if err := os.WriteFile(outputPath, jsonBytes, 0644); err != nil { + if err := os.WriteFile(outputPath, jsonBytes, 0600); err != nil { return errors.New("error writing schema to file") } diff --git a/pkg/generator_test.go b/pkg/generator_test.go index 11fff24..c1fce06 100644 --- a/pkg/generator_test.go +++ b/pkg/generator_test.go @@ -37,7 +37,7 @@ func TestGenerateJsonSchema(t *testing.T) { templateSchemaFile: "../testdata/full.schema.json", }, { - name: "full json schema", + name: "noAdditionalProperties", config: &Config{ Draft: 2020, Indent: 4, diff --git a/testdata/anchors.schema.json b/testdata/anchors.schema.json index 3282a74..b8a975c 100644 --- a/testdata/anchors.schema.json +++ b/testdata/anchors.schema.json 
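Review bot: Both new steps reference third-party actions by mutable tag (`securego/gosec@v2.21.4` and `bearer/bearer-action@v2`), so the code executed in this job can change without any change to this file; `@v2` in particular is a moving major tag. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: securego/gosec@<full-commit-sha> # v2.21.4`. The job's `permissions:` block is not visible in this hunk, so it is worth confirming that the token these scanners run with is limited to read access.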
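Review bot: `filepath.Clean(filePath)` in the `os.ReadFile` call only normalises the path; it does not confine it to a directory, so a value such as `../../x` is still read after cleaning. If `config.Input` comes from the invoking user's own command line that is acceptable, but then the call mainly quiets gosec G304 and the intent is better stated directly, e.g. `// #nosec G304 -- input paths are supplied by the invoking user`. If the paths can come from a less trusted source, they need to be resolved against an allowed base directory and rejected when they fall outside it. GenerateJsonSchema starts and ends outside this hunk, so where `config.Input` is populated cannot be seen here.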
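Review bot: The mode passed to `os.WriteFile` is applied only when the file is created, so an output file that already exists keeps its previous 0644 bits and the switch to `0600` affects new files only. The generated schema is presumably meant to be read by other tools or users, so owner-only access is a behaviour change that should be mentioned in the release notes. I would add a comment on the call such as `// 0600 satisfies gosec G306; os.WriteFile does not change the mode of an existing file` and write the literal as `0o600`. GenerateJsonSchema continues outside this hunk.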
@@ -1,5 +1,9 @@ { + "$id": "https://example.com/schema", + "$ref": "schema/product.json", "$schema": "https://json-schema.org/draft/2020-12/schema", + "additionalProperties": true, + "description": "Schema for Helm values", "properties": { "app": { "properties": { @@ -20,5 +24,6 @@ "type": "object" } }, + "title": "Helm Values Schema", "type": "object" } diff --git a/testdata/basic.schema.json b/testdata/basic.schema.json index d09075d..a743800 100644 --- a/testdata/basic.schema.json +++ b/testdata/basic.schema.json @@ -1,5 +1,9 @@ { + "$id": "https://example.com/schema", + "$ref": "schema/product.json", "$schema": "https://json-schema.org/draft/2020-12/schema", + "additionalProperties": true, + "description": "Schema for Helm values", "properties": { "empty": { "type": "null" @@ -57,5 +61,6 @@ "type": "array" } }, + "title": "Helm Values Schema", "type": "object" } diff --git a/testdata/meta.schema.json b/testdata/meta.schema.json index f392785..4183d7b 100644 --- a/testdata/meta.schema.json +++ b/testdata/meta.schema.json @@ -1,5 +1,9 @@ { + "$id": "https://example.com/schema", + "$ref": "schema/product.json", "$schema": "https://json-schema.org/draft/2020-12/schema", + "additionalProperties": true, + "description": "Schema for Helm values", "properties": { "fullnameOverride": { "title": "Full name override", @@ -50,5 +54,6 @@ "type": "array" } }, + "title": "Helm Values Schema", "type": "object" }