diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index f463cd7..b00cdf8 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -6,6 +6,10 @@ on:
       - main
   pull_request:
 
+concurrency:
+  group: docker-main
+  cancel-in-progress: true
+
 jobs:
   build-and-push:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/vingo.yml b/.github/workflows/vingo.yml
new file mode 100644
index 0000000..b8a3d9a
--- /dev/null
+++ b/.github/workflows/vingo.yml
@@ -0,0 +1,46 @@
+---
+name: Rust Cargo validator
+
+on: 
+  push:
+    branches:
+      - main
+    paths:
+      - .github/workflows/vingo.yml
+      - 'vingo/**/*.rs'
+  pull_request:
+    paths:
+      - .github/workflows/vingo.yml
+      - 'vingo/**/*.rs'
+  workflow_dispatch:
+
+jobs:
+
+  formatting:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Install latest rust toolchain
+      uses: actions-rs/toolchain@v1.0.6
+      with:
+        toolchain: stable
+        components: rustfmt
+        override: true
+
+    - name: Check formatting
+      working-directory: vingo/
+      run: cargo fmt -- --check
+
+  clipy:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v4
+    - name: Install latest rust toolchain
+      uses: actions-rs/toolchain@v1.0.6
+      with:
+        toolchain: stable
+        components: clippy
+        override: true
+    - name: Clippy check
+      working-directory: vingo/
+      run: cargo clippy --locked --all-targets --all-features
diff --git a/.github/workflows/vingo_audit.yml b/.github/workflows/vingo_audit.yml
new file mode 100644
index 0000000..4284b76
--- /dev/null
+++ b/.github/workflows/vingo_audit.yml
@@ -0,0 +1,27 @@
+---
+name: Audit Rust dependencies
+on:
+  pull_request:
+    paths:
+      - .github/workflows/vingo_audit.yml
+      - 'vingo/**/Cargo.toml'
+      - 'vingo/**/Cargo.lock'
+
+  schedule:
+    - cron: '0 0 * * *'
+  workflow_dispatch:
+
+jobs:
+  security_audit:
+    runs-on: ubuntu-latest
+
+    permissions:
+      issues: write
+      checks: write
+
+    steps:
+      - uses: actions/checkout@v4
+      - uses: rustsec/audit-check@v1.4.1
+        working-directory: vingo/
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/vinvoor_format_lint.yml b/.github/workflows/vinvoor_format_lint.yml
index 24a6b47..3195e8f 100644
--- a/.github/workflows/vinvoor_format_lint.yml
+++ b/.github/workflows/vinvoor_format_lint.yml
@@ -4,7 +4,13 @@ on:
   push:
     branches:
       - main
+    paths:
+      - .github/workflows/vinvoor_format_lint.yml
+      - 'vinvoor/**'
   pull_request:
+    paths:
+      - .github/workflows/vinvoor_format_lint.yml
+      - 'vinvoor/**'
 
 jobs:
   format-and-lint:
diff --git a/vingo/migration/src/m20240903_194156_create_scan.rs b/vingo/migration/src/m20240903_194156_create_scan.rs
index 4ac9605..fd49f10 100644
--- a/vingo/migration/src/m20240903_194156_create_scan.rs
+++ b/vingo/migration/src/m20240903_194156_create_scan.rs
@@ -8,7 +8,7 @@ pub struct Migration;
 enum Scan {
     Table,
     Id,
-    ScanTime,
+    Time,
     CardSerial,
 }
 
@@ -22,9 +22,7 @@ impl MigrationTrait for Migration {
                     .table(Scan::Table)
                     .col(pk_auto(Scan::Id))
                     .col(text(Scan::CardSerial))
-                    .col(
-                        timestamp_with_time_zone(Scan::ScanTime).default(Expr::current_timestamp()),
-                    )
+                    .col(timestamp_with_time_zone(Scan::Time).default(Expr::current_timestamp()))
                     .foreign_key(
                         ForeignKey::create()
                             .from(Scan::Table, Scan::CardSerial)
diff --git a/vingo/src/main.rs b/vingo/src/main.rs
index 0341d2a..d8cacdb 100644
--- a/vingo/src/main.rs
+++ b/vingo/src/main.rs
@@ -26,7 +26,7 @@ use tower_sessions::{cookie::SameSite, MemoryStore, SessionManagerLayer};
 
 use migration::{Migrator, MigratorTrait};
 
-const DB_URL: LazyLock<String> = LazyLock::new(|| {
+static DB_URL: LazyLock<String> = LazyLock::new(|| {
     env::var("POSTGRES_CONNECTION_STRING").expect("POSTGRES_CONNECTION_STRING not present")
 });
 
diff --git a/vingo/src/routes/auth.rs b/vingo/src/routes/auth.rs
index 21420c3..1cf66c6 100644
--- a/vingo/src/routes/auth.rs
+++ b/vingo/src/routes/auth.rs
@@ -19,15 +19,15 @@ use crate::AppState;
 use super::util::errors::{ResponseResult, ResultAndLogError};
 use super::util::session::{get_user, SessionKeys};
 
-const ZAUTH_URL: LazyLock<String> =
+static ZAUTH_URL: LazyLock<String> =
     LazyLock::new(|| env::var("ZAUTH_URL").expect("ZAUTH_URL not present"));
-const CALLBACK_URL: LazyLock<String> =
+static CALLBACK_URL: LazyLock<String> =
     LazyLock::new(|| env::var("ZAUTH_CALLBACK_PATH").expect("ZAUTH_CALLBACK_PATH not present"));
-const FRONTEND_URL: LazyLock<String> =
+static FRONTEND_URL: LazyLock<String> =
     LazyLock::new(|| env::var("FRONTEND_URL").expect("FRONTEND_URL not present"));
-const ZAUTH_CLIENT_ID: LazyLock<String> =
+static ZAUTH_CLIENT_ID: LazyLock<String> =
     LazyLock::new(|| env::var("ZAUTH_CLIENT_ID").expect("ZAUTH_CLIENT_ID not present"));
-const ZAUTH_CLIENT_SECRET: LazyLock<String> =
+static ZAUTH_CLIENT_SECRET: LazyLock<String> =
     LazyLock::new(|| env::var("ZAUTH_CLIENT_SECRET").expect("ZAUTH_CLIENT_SECRET not present"));
 
 pub async fn current_user(session: Session) -> ResponseResult<Json<Model>> {
@@ -98,7 +98,7 @@ pub async fn callback(
     let zauth_url = ZAUTH_URL.to_string();
     // get token from zauth with code
     let token = client
-        .post(&format!("{zauth_url}/oauth/token"))
+        .post(format!("{zauth_url}/oauth/token"))
         .basic_auth(
             ZAUTH_CLIENT_ID.to_string(),
             Some(ZAUTH_CLIENT_SECRET.to_string()),
diff --git a/vingo/src/routes/info.rs b/vingo/src/routes/info.rs
index fcc1bef..57ce2dc 100644
--- a/vingo/src/routes/info.rs
+++ b/vingo/src/routes/info.rs
@@ -6,7 +6,7 @@ pub struct Version {
     version: String,
 }
 pub async fn version() -> Json<Version> {
-    return Json(Version {
+    Json(Version {
         version: env!("CARGO_PKG_VERSION").to_string(),
-    });
+    })
 }
diff --git a/vingo/src/routes/leaderboard.rs b/vingo/src/routes/leaderboard.rs
index 98eea9b..de0fc98 100644
--- a/vingo/src/routes/leaderboard.rs
+++ b/vingo/src/routes/leaderboard.rs
@@ -39,7 +39,7 @@ pub async fn get(
         let position_change = leaderboard_last_week
             .iter()
             .find(|v| v.id == user.id)
-            .and_then(|v| Some(v.position - user.position));
+            .map(|v| v.position - user.position);
         user.position_change = position_change;
     }
 
diff --git a/vingo/src/routes/scans.rs b/vingo/src/routes/scans.rs
index ec59943..e211179 100644
--- a/vingo/src/routes/scans.rs
+++ b/vingo/src/routes/scans.rs
@@ -19,7 +19,7 @@ use super::util::{
     session::{get_season, get_user},
 };
 
-const SCAN_KEY: LazyLock<String> =
+static SCAN_KEY: LazyLock<String> =
     LazyLock::new(|| env::var("SCAN_KEY").expect("SCAN_KEY not present"));
 
 pub async fn get_for_current_user(
diff --git a/vingo/src/routes/seasons.rs b/vingo/src/routes/seasons.rs
index 379d985..5aa88fc 100644
--- a/vingo/src/routes/seasons.rs
+++ b/vingo/src/routes/seasons.rs
@@ -36,7 +36,7 @@ pub async fn get_all(state: State<AppState>) -> ResponseResult<Json<Vec<SeasonGe
 }
 
 pub async fn db_seasons(db: &DatabaseConnection, future: bool) -> ResponseResult<Vec<SeasonGet>> {
-    Ok(Season::find()
+    Season::find()
         .column_as(
             Expr::col(season::Column::Start)
                 .lte(Expr::current_date())
@@ -50,7 +50,7 @@ pub async fn db_seasons(db: &DatabaseConnection, future: bool) -> ResponseResult
         .into_model::<SeasonGet>()
         .all(db)
         .await
-        .or_log((StatusCode::INTERNAL_SERVER_ERROR, "failed to get seasons"))?)
+        .or_log((StatusCode::INTERNAL_SERVER_ERROR, "failed to get seasons"))
 }
 
 #[derive(Debug, Serialize, Deserialize)]