diff --git a/.github/workflows/code-scan.yml b/.github/workflows/code-scan.yml
new file mode 100644
index 0000000..361a493
--- /dev/null
+++ b/.github/workflows/code-scan.yml
@@ -0,0 +1,18 @@
+name: "Code scanning"
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+jobs:
+  gosec:
+    permissions:
+      # Required to upload SARIF files
+      security-events: write
+      # for actions/checkout to fetch code
+      contents: read
+    # call reusable workflow from central '.github' repo
+    uses: open-component-model/.github/.github/workflows/code-scan.yml@main
+    secrets: inherit
diff --git a/README.md b/README.md
index ca3ce1e..842a6b4 100644
--- a/README.md
+++ b/README.md
@@ -182,6 +182,6 @@ OCM follows the [CNCF Code of Conduct](https://github.com/cncf/foundation/blob/m
 
 ## Licensing
 
-Copyright 2022-2023 SAP SE or an SAP affiliate company and Open Component Model contributors.
+Copyright 2025 SAP SE or an SAP affiliate company and Open Component Model contributors.
 Please see our [LICENSE](LICENSE) for copyright and license information.
 Detailed information including third-party components and their licensing/copyright information is available [via the REUSE tool](https://api.reuse.software/info/github.com/open-component-model/replication-controller).
diff --git a/REUSE.toml b/REUSE.toml
index ac459cc..451fdb6 100644
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -7,5 +7,5 @@ SPDX-PackageComment = "The code in this project may include calls to APIs (\"API
 [[annotations]]
 path = "**"
 precedence = "aggregate"
-SPDX-FileCopyrightText = "2022 SAP SE or an SAP affiliate company and Open Component Model contributors"
+SPDX-FileCopyrightText = "2025 SAP SE or an SAP affiliate company and Open Component Model contributors"
 SPDX-License-Identifier = "Apache-2.0"