diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..b2a92e8
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1 @@
+* @teknologi-umum/infrastructure
diff --git a/.github/workflows/ci.yml b/.github/workflows/secret-scan.yml
similarity index 63%
rename from .github/workflows/ci.yml
rename to .github/workflows/secret-scan.yml
index 8d94472..f6ef588 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/secret-scan.yml
@@ -1,27 +1,22 @@ -name: CI +name: Secret Scan on: push: pull_request: jobs: - secret_scan: - name: Secret Scan + megalinter: + name: MegaLinter runs-on: ubuntu-latest steps: + - name: Setup jq + uses: dcarbone/install-jq-action@v2.1.0 + - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 - - name: TruffleHog OSS - uses: trufflesecurity/trufflehog@main - with: - path: ./ - base: ${{ github.event.repository.default_branch }} - head: HEAD - extra_args: --debug --only-verified - - name: MegaLinter id: ml uses: oxsecurity/megalinter/flavors/documentation@v7
@@ -31,3 +26,20 @@ jobs: VALIDATE_ALL_CODEBASE: ${{ github.event_name == 'push' && github.ref == 'refs/heads/master' }} ENABLE: EDITORCONFIG FILTER_REGEX_EXCLUDE: (LICENSE|CODE_OF_CONDUCT\.md|.idea) + + trufflehog: + name: Trufflehog + runs-on: ubuntu-latest + steps: + - name: Setup jq + uses: dcarbone/install-jq-action@v2.1.0 + + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: TruffleHog OSS + uses: trufflesecurity/trufflehog@main + with: + extra_args: --debug --only-verified
diff --git a/captcha/docker-compose.yml b/captcha/docker-compose.yml
index 0b2bca3..304eea3 100644
--- a/captcha/docker-compose.yml
+++ b/captcha/docker-compose.yml
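Review bot: The new `Setup jq` step in the `megalinter` job of secret-scan.yml pulls in a third-party action by a mutable tag (`dcarbone/install-jq-action@v2.1.0`), and the `trufflehog` job in the second hunk repeats it and keeps `trufflesecurity/trufflehog@main`, which follows a branch. In a workflow that runs on every push and pull request, pinning each third-party action to a full commit SHA keeps a retagged or compromised upstream from changing what runs, e.g. `uses: dcarbone/install-jq-action@<full-commit-sha> # v2.1.0`. Nothing visible in either job calls jq, and GitHub-hosted Ubuntu images normally ship it, so the step may be removable altogether.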
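Review bot: The `trufflehog` job added in the second hunk of secret-scan.yml declares no `permissions:`, and no workflow-level block is visible between `on:` and `jobs:` in the first hunk, so the job appears to run with the repository's default token scope. A scanner that only reads history needs no write access; adding `permissions:` with `contents: read` under the job would make that explicit. With `base` and `head` dropped from the step, the commit range scanned now depends on the defaults of whatever `trufflehog@main` resolves to, so it is worth confirming that push and pull-request runs still cover the intended commits.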
@@ -42,11 +42,20 @@ services: BOT_TOKEN: SENTRY_DSN: DATABASE_URL: + POSTGRES_URL: MONGO_URL: TZ: UTC TEKNUM_ID: + HOME_GROUP_ID: ADMIN_ID: - PORT: 8080 + ADMIN_IDS: + FEATURE_FLAG_DUKUN: true + FEATURE_FLAG_BADWORDS_INSERTION: true + FEATURE_FLAG_UNDER_ATTACK: true + FEATURE_FLAG_ANALYTICS: true + FEATURE_FLAG_REMINDER: true + HTTP_PORT: 8080 + UNDER_ATTACK__DATASTORE_PROVIDER: postgres labels: - "traefik.enable=true" - "traefik.docker.network=captcha"
diff --git a/libreddit/docker-compose.yml b/libreddit/docker-compose.yml
index dfed0f9..70af291 100644
--- a/libreddit/docker-compose.yml
+++ b/libreddit/docker-compose.yml
@@ -13,7 +13,7 @@ services: - "traefik.http.services.libreddit.loadbalancer.server.port=8080" - "traefik.http.services.libreddit.loadbalancer.server.scheme=http" - "traefik.http.services.libreddit.loadbalancer.healthcheck.interval=120s" - - "traefik.http.services.libreddit.loadbalancer.healthcheck.path=/" + - "traefik.http.services.libreddit.loadbalancer.healthcheck.path=/settings" - "traefik.http.middlewares.libreddit-rate.ratelimit.average=100" - "traefik.http.middlewares.libreddit-rate.ratelimit.burst=20" - "traefik.http.middlewares.libreddit-rate.ratelimit.period=1s"
diff --git a/pesto/docker-compose.yml b/pesto/docker-compose.yml
index 12a5b0d..2a8dba2 100644
--- a/pesto/docker-compose.yml
+++ b/pesto/docker-compose.yml
@@ -179,6 +179,7 @@ services: - "traefik.http.services.rce.loadbalancer.healthcheck.path=/healthz" - "traefik.http.middlewares.rce-auth.forwardauth.address=http://auth:3000/" - "traefik.http.middlewares.rce-auth.forwardauth.authRequestHeaders=Accept,X-Pesto-Token,Referer,Origin" + - "traefik.http.middlewares.rce-auth.forwardauth.authResponseHeaders=Sentry-Trace,Baggage" - "traefik.http.middlewares.rce-auth.forwardauth.tls.insecureSkipVerify=true" - "traefik.http.middlewares.rce-error.errors.status=500-599" - "traefik.http.middlewares.rce-error.errors.service=landing@docker"
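Review bot: The new `FEATURE_FLAG_*` entries in captcha/docker-compose.yml are written as bare YAML booleans (`FEATURE_FLAG_DUKUN: true`), so the string the container receives depends on how the Compose implementation converts a boolean back to text. The Compose documentation asks for boolean-looking environment values to be quoted, e.g. `FEATURE_FLAG_UNDER_ATTACK: "true"`, and the same applies to the other four flags. `ADMIN_ID`/`ADMIN_IDS` and `DATABASE_URL`/`POSTGRES_URL` now sit side by side; a short comment saying which of each pair the application still reads would help whoever populates the host environment. The service definition starts above this hunk.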
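Review bot: The added `rce-auth.forwardauth.authResponseHeaders=Sentry-Trace,Baggage` label in pesto/docker-compose.yml makes Traefik take these two headers from the auth service's response and set them on the request forwarded to `rce`, replacing any value the client sent. That is the safer direction, but `Baggage` is free-form key/value data, so it is worth confirming the auth service puts only trace context there. A comment above the label such as `# propagate the auth service's Sentry trace to rce; client-sent values are overwritten` would record the intent. The label list continues outside the hunk.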
diff --git a/traefik/docker-compose.yml b/traefik/docker-compose.yml
index 910f400..8dbde0c 100644
--- a/traefik/docker-compose.yml
+++ b/traefik/docker-compose.yml
@@ -1,6 +1,6 @@ services: traefik: - image: traefik:v2.10.3 + image: traefik:v2.10.5 command: - "--api.insecure=true" - "--providers.docker=true"
@@ -77,11 +77,8 @@ services: - tgif - zod_playground - projects - - ohmyform_external - - calcom_external - - nitter - - focalboard_external - conference + - gold networks: pesto:
@@ -121,3 +118,5 @@ networks: external: true conference: external: true + gold: + external: true
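Review bot: The second hunk of traefik/docker-compose.yml detaches Traefik from `ohmyform_external`, `calcom_external`, `nitter` and `focalboard_external`, but the third hunk only appends `gold` and the hunk offsets show no other edits in between, so the top-level `networks:` declarations for those four appear to remain. Removing the stale entries would keep the declared networks in line with what the proxy actually joins. `gold` is declared `external: true`, so it has to exist before this stack is started. The first hunk's context still shows `--api.insecure=true`; containers on any network Traefik joins can likely reach that unauthenticated API, so attaching `gold` widens who can see it.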