diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 00000000..7976d63f
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,6 @@
+version: 2
+updates:
+  - package-ecosystem: "gomod" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"
\ No newline at end of file
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 00000000..63426726
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,47 @@
+name: did-dht-ci
+
+# when:
+#   - a pull request is opened against main
+#   - commits are pushed to main
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    branches: [ main ]
+  # used to run action manually via the UI
+  workflow_dispatch:
+
+jobs:
+  vulnerability-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.21.3
+
+      - name: Install Mage
+        run: go install github.com/magefile/mage
+
+      - name: Check Vulnerabilities
+        run: mage -v vuln
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v3
+        with:
+          go-version: 1.21.3
+
+      - name: Install Mage
+        run: go install github.com/magefile/mage
+
+      - name: Build
+        run: mage build
+
+      - name: Test
+        run: mage citest
\ No newline at end of file
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 00000000..cf011ea4
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,42 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ main ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ main ]
+  schedule:
+    - cron: '34 18 * * 1'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+    env:
+      GOFLAGS: "-tags=jwx_es256k"
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'go' ]
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Autobuild
+        uses: github/codeql-action/autobuild@v2
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
\ No newline at end of file
diff --git a/.github/workflows/golangci-lint.yml b/.github/workflows/golangci-lint.yml
new file mode 100644
index 00000000..04ab734d
--- /dev/null
+++ b/.github/workflows/golangci-lint.yml
@@ -0,0 +1,44 @@
+name: golangci-lint
+on:
+  push:
+    tags:
+      - v*
+    branches:
+      - master
+      - main
+  pull_request:
+permissions:
+  contents: read
+jobs:
+  golangci:
+    name: lint
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/setup-go@v3
+        with:
+          go-version: 1.21.3
+      - uses: actions/checkout@v3
+      - name: golangci-lint
+        uses: golangci/golangci-lint-action@v3
+        with:
+          # Optional: version of golangci-lint to use in form of v1.2 or v1.2.3 or `latest` to use the latest version
+          version: latest
+
+          # Optional: working directory, useful for monorepos
+          # working-directory: somedir
+
+          # Optional: golangci-lint command line arguments.
+          args: --timeout=3m --verbose
+
+          # Optional: show only new issues if it's a pull request. The default value is `false`.
+          # only-new-issues: true
+
+          # Optional: if set to true then the all caching functionality will be complete disabled,
+          #           takes precedence over all other caching options.
+          # skip-cache: true
+
+          # Optional: if set to true then the action don't cache or restore ~/go/pkg.
+          # skip-pkg-cache: true
+
+          # Optional: if set to true then the action don't cache or restore ~/.cache/go-build.
+          # skip-build-cache: true
\ No newline at end of file
diff --git a/impl/internal/did/did_test.go b/impl/internal/did/did_test.go
index b60ed57a..36f237ac 100644
--- a/impl/internal/did/did_test.go
+++ b/impl/internal/did/did_test.go
@@ -51,7 +51,7 @@ func TestGenerateDIDDHT(t *testing.T) {
 			VerificationMethods: []VerificationMethod{
 				{
 					VerificationMethod: did.VerificationMethod{
-						ID:           "did:dht:123456789abcdefghi#key1",
+						ID:           "key1",
 						Type:         "JsonWebKey2020",
 						Controller:   "did:dht:123456789abcdefghi",
 						PublicKeyJWK: pubKeyJWK,
@@ -61,12 +61,12 @@ func TestGenerateDIDDHT(t *testing.T) {
 			},
 			Services: []did.Service{
 				{
-					ID:              "did:dht:123456789abcdefghi#vcs",
+					ID:              "vcs",
 					Type:            "VerifiableCredentialService",
 					ServiceEndpoint: "https://example.com/vc/",
 				},
 				{
-					ID:              "did:dht:123456789abcdefghi#hub",
+					ID:              "hub",
 					Type:            "MessagingService",
 					ServiceEndpoint: "https://example.com/hub/",
 				},
@@ -103,11 +103,11 @@ func TestGenerateDIDDHT(t *testing.T) {
 		assert.NotEmpty(t, doc.VerificationMethod[0].Type)
 		assert.NotEmpty(t, doc.VerificationMethod[0].PublicKeyJWK)
 
-		assert.Equal(t, doc.Services[0].ID, "did:dht:123456789abcdefghi#vcs")
+		assert.Equal(t, doc.Services[0].ID, doc.ID+"#vcs")
 		assert.Equal(t, doc.Services[0].Type, "VerifiableCredentialService")
 		assert.Equal(t, doc.Services[0].ServiceEndpoint, "https://example.com/vc/")
 
-		assert.Equal(t, doc.Services[1].ID, "did:dht:123456789abcdefghi#hub")
+		assert.Equal(t, doc.Services[1].ID, doc.ID+"#hub")
 		assert.Equal(t, doc.Services[1].Type, "MessagingService")
 		assert.Equal(t, doc.Services[1].ServiceEndpoint, "https://example.com/hub/")
 	})
diff --git a/impl/magefile.go b/impl/magefile.go
index 9115bbb7..e475e2ab 100644
--- a/impl/magefile.go
+++ b/impl/magefile.go
@@ -60,6 +60,33 @@ func runTests(extraTestArgs ...string) error {
 	return err
 }
 
+// CITest runs unit tests with coverage as a part of CI.
+// The mage `-v` option will trigger a verbose output of the test
+func CITest() error {
+	return runCITests()
+}
+
+func runCITests(extraTestArgs ...string) error {
+	args := []string{"test"}
+	if mg.Verbose() {
+		args = append(args, "-v")
+	}
+	args = append(args, "-tags=jwx_es256k")
+	args = append(args, "-covermode=atomic")
+	args = append(args, "-coverprofile=coverage.out")
+	args = append(args, "-race")
+	args = append(args, extraTestArgs...)
+	args = append(args, "./...")
+	testEnv := map[string]string{
+		"CGO_ENABLED": "1",
+		"GO111MODULE": "on",
+	}
+	writer := ColorizeTestStdout()
+	fmt.Printf("%+v", args)
+	_, err := sh.Exec(testEnv, writer, os.Stderr, Go, args...)
+	return err
+}
+
 func Deps() error {
 	return brewInstall("golangci-lint")
 }