diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
index 5853670..d8538a9 100644
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -60,6 +60,7 @@
 }
 }
 },
+ "remoteEnv": { "LOCAL_WORKSPACE_FOLDER": "${localWorkspaceFolder}" },
 "postCreateCommand": "rm -f ~/.docker/config.json; git config --global --add safe.directory /workspaces/electronic-prescription-service-get-secrets; make install; direnv allow ."
 // "features": {},
 // Use 'forwardPorts' to make a list of ports inside the container available locally.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index bd0629b..3ff6ab9 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -7,8 +7,13 @@ on:
 required: true
 jobs:
+ quality_checks:
+ uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@v4.0.5
+ secrets:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 build:
 runs-on: ubuntu-latest
+ needs: quality_checks
 steps:
 - name: Checkout code
 uses: actions/checkout@v4
@@ -42,12 +47,6 @@ jobs:
 run: |
 make install
- - name: run check-licenses
- run: make check-licenses
-
- - name: run lint
- run: make lint
-
 - name: run compile-go
 run: make compile-go
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index ba9c374..05da21b 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -40,5 +40,15 @@ repos:
 types_or: [yaml]
 pass_filenames: false
+ - repo: local
+ hooks:
+ - id: git-secrets
+ name: Git Secrets
+ description: git-secrets scans commits, commit messages, and --no-ff merges to prevent adding secrets into your git repositories.
+ entry: bash
+ args:
+ - -c
+ - 'docker run -v "$LOCAL_WORKSPACE_FOLDER:/src" git-secrets --pre_commit_hook'
+ language: system
 fail_fast: true
 default_stages: [commit]
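Review bot: The added `remoteEnv` entry in `.devcontainer/devcontainer.json` carries no comment saying why the host-side workspace path is exported into the container, although the file already uses `//` comments. From the rest of this commit it appears to exist so the git-secrets pre-commit hook can bind-mount the workspace with `docker run -v`, which presumably goes through the host's Docker daemon. I would add above it: `// Host path of the workspace; the git-secrets pre-commit hook bind-mounts it with docker run -v`.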
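Review bot: The new `quality_checks` job in `.github/workflows/build.yml` references the reusable workflow by a tag (`@v4.0.5`) and passes it `SONAR_TOKEN`; a tag can be re-pointed, so whatever that ref resolves to at run time receives the secret. Pinning to the full commit SHA with the version as a trailing comment keeps the reference immutable and still readable: `uses: NHSDigital/eps-workflow-quality-checks/.github/workflows/quality-checks.yml@<full-commit-sha>  # v4.0.5` (placeholder; take the SHA from that release). The following hunk removes the `make check-licenses` and `make lint` steps from `build`, so it is worth confirming the called workflow runs equivalent checks, which is not visible on this page. The `jobs:` mapping continues outside the hunk.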
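Review bot: The `git-secrets` hook added to `.pre-commit-config.yaml` runs an image named only `git-secrets`, with no registry, tag or digest, so on a machine where it has not been built locally `docker run` will try to resolve that name from the default registry with the workspace mounted read-write. The command also leaves a stopped container behind on every commit, and gives a confusing Docker error when `LOCAL_WORKSPACE_FOLDER` is unset (for example outside the devcontainer). I would change the last argument to `- 'docker run --rm --pull=never -v "${LOCAL_WORKSPACE_FOLDER:?run inside the devcontainer}:/src" git-secrets --pre_commit_hook'`, and add `:ro` to the mount if the scan turns out not to need write access. The `description` also mentions commit messages and merges, but with `default_stages: [commit]` only `--pre_commit_hook` is wired up; either trim the description or add the matching hooks.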