diff --git a/.github/workflows/pipeline-orchestrator.yml b/.github/workflows/pipeline-orchestrator.yml index 08eb243..2d1f247 100644 --- a/.github/workflows/pipeline-orchestrator.yml +++ b/.github/workflows/pipeline-orchestrator.yml @@ -1,6 +1,8 @@ name: Pipeline Orchestrator on: + push: + branches: [main] pull_request: branches: [main] diff --git a/.github/workflows/pipeline-scan.yml b/.github/workflows/pipeline-scan.yml index eeab55a..d2ee1e7 100644 --- a/.github/workflows/pipeline-scan.yml +++ b/.github/workflows/pipeline-scan.yml @@ -8,8 +8,20 @@ on: value: ${{ jobs.pipeline-scan.outputs.result }} jobs: - # 🚧 REPLACE THIS ENTIRE 'jobs:' SECTION WITH WORKSHOP CONTENT! 🚧 - # Copy from: workshop/pipeline_scan/{tool}/workflow.yml + checkout-leak: + name: "actions/checkout can leak GitHub credentials" + runs-on: ubuntu-latest + permissions: + contents: read # As we're going to expose this file, let's limit the permissions + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Show `.git/config` content + run: | + cat .git/config + pipeline-scan: name: "🚧 Pipeline Scan - Workshop Placeholder" diff --git a/infra/data.tf b/infra/data.tf index 1c5352f..a0bf1bd 100644 --- a/infra/data.tf +++ b/infra/data.tf @@ -6,6 +6,7 @@ data "aws_vpc" "existing" { filter { name = "tag:Name" values = ["platform-vpc"] + } } @@ -40,3 +41,5 @@ data "aws_lb" "existing" { data "aws_lb_target_group" "existing" { name = var.target_group_name } + + diff --git a/infra/main.tf b/infra/main.tf index b6337c2..d756e5f 100644 --- a/infra/main.tf +++ b/infra/main.tf @@ -19,7 +19,7 @@ resource "aws_ecr_repository" "app" { Name = var.app_name Environment = var.environment } -} +} # ============================================================================== # CLOUDWATCH LOGS diff --git a/infra/providers.tf b/infra/providers.tf index 505818f..76c517e 100644 --- a/infra/providers.tf +++ b/infra/providers.tf 
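Review bot: The `Checkout code` step in the new `checkout-leak` job uses `actions/checkout@v4` with its defaults, so the job token stays persisted in the workspace's git configuration for the rest of the job, which is the file the following `cat .git/config` step prints. The log output itself should come out masked, but any later step that packages the workspace (an artifact upload, an image build context) would carry the file along, so jobs that never push should add `with:` / `persist-credentials: false` to the checkout step. If the job is meant to stay as a workshop demonstration, a comment above `checkout-leak:` such as `# Demo only: shows that checkout persists the token in .git/config; do not copy` would keep it from being reused as a pattern. `actions/checkout@v4` is also a mutable tag; pinning it as `actions/checkout@<full-commit-sha> # v4` removes the dependence on where the tag points. With the `push` trigger added in the orchestrator hunk, this job presumably now runs on every merge to `main` as well as on pull requests.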
@@ -1,15 +1,15 @@ terraform { required_version = ">= 1.0" - + required_providers { aws = { source = "hashicorp/aws" version = "~> 5.0" } } - + backend "s3" { - bucket = "workshop-terraform-state" + bucket = "workshop-terraform-state-lefteris" key = "workshop/terraform.tfstate" region = "us-east-1" } diff --git a/infra/variables.tf b/infra/variables.tf index 7f4f1c9..aec8d48 100644 --- a/infra/variables.tf +++ b/infra/variables.tf @@ -2,6 +2,7 @@ variable "aws_region" { description = "AWS region for resources" type = string default = "us-east-1" + } variable "environment" { @@ -69,3 +70,5 @@ variable "logs_kms_key_arn" { type = string default = "" } + +
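Review bot: The new `bucket = "workshop-terraform-state-lefteris"` in the `backend "s3"` block hard-codes what looks like one person's state bucket into shared configuration, so anyone else running `terraform init` from this repository either points at that bucket or has to edit the file locally. Leaving `bucket` out of the block and supplying it at init time, `terraform init -backend-config="bucket=<your-state-bucket>"`, keeps the per-user value out of version control. The block as shown also sets neither `encrypt = true` nor any state locking, which is worth adding because Terraform state commonly holds sensitive values. The enclosing `terraform` block closes outside the hunk.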