diff --git a/hooks/post_gen_project.py b/hooks/post_gen_project.py
index 5fe5113..537be9b 100644
--- a/hooks/post_gen_project.py
+++ b/hooks/post_gen_project.py
@@ -25,7 +25,11 @@
     # Initialize git
     subprocess.run(["git", "init", "-b", "main"], check=True, shell=use_shell)
     subprocess.run(["git", "add", "."], check=True, shell=use_shell)
-    subprocess.run(["git", "commit", "-m", "Initial commit from cookiecutter"], check=True, shell=use_shell)
+    subprocess.run(
+        ["git", "commit", "-m", "Initial commit from cookiecutter"],
+        check=True,
+        shell=use_shell,
+    )
 
     # Install dependencies
     print("\nInstalling dependencies with Poetry...")
diff --git a/hooks/pre_gen_project.py b/hooks/pre_gen_project.py
index ae27662..79dc86d 100644
--- a/hooks/pre_gen_project.py
+++ b/hooks/pre_gen_project.py
@@ -11,11 +11,11 @@
 import re
 import sys
 
-MODULE_REGEX = r'^[_a-zA-Z][_a-zA-Z0-9]+$'
+MODULE_REGEX = r"^[_a-zA-Z][_a-zA-Z0-9]+$"
 
-module_name = '{{ cookiecutter.project_slug }}'
+module_name = "{{ cookiecutter.project_slug }}"
 
 if not re.match(MODULE_REGEX, module_name):
-    print(f'ERROR: The project slug ({module_name}) is not a valid Python module name.')
+    print(f"ERROR: The project slug ({module_name}) is not a valid Python module name.")
     print('Please do not use a "-" and ensure it starts with a letter or underscore.')
     sys.exit(1)
diff --git a/readme.md b/readme.md
index dd553fb..48fc609 100644
--- a/readme.md
+++ b/readme.md
@@ -1 +1 @@
-cookiecutter https://github.com/CoReason-AI/python_template --checkout main
\ No newline at end of file
+cookiecutter https://github.com/CoReason-AI/python_template --checkout main
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/ci-cd.yml b/{{cookiecutter.project_slug}}/.github/workflows/ci-cd.yml
index da8506f..a70ba93 100644
--- a/{{cookiecutter.project_slug}}/.github/workflows/ci-cd.yml
+++ b/{{cookiecutter.project_slug}}/.github/workflows/ci-cd.yml
@@ -130,4 +130,4 @@ jobs:
         with:
           user: __token__
           password: ${{ secrets.PYPI_API_TOKEN }}
-{% endraw %}
\ No newline at end of file
+{% endraw %}
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/docker.yml b/{{cookiecutter.project_slug}}/.github/workflows/docker.yml
index 77f3eb1..8e9b31a 100644
--- a/{{cookiecutter.project_slug}}/.github/workflows/docker.yml
+++ b/{{cookiecutter.project_slug}}/.github/workflows/docker.yml
@@ -10,6 +10,8 @@ on:
 permissions:
   contents: read
   packages: write
+  attestations: write
+  id-token: write
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -57,4 +59,4 @@ jobs:
           ignore-unfixed: true
           vuln-type: 'os,library'
           severity: 'CRITICAL,HIGH'
-{% endraw %}
\ No newline at end of file
+{% endraw %}
diff --git a/{{cookiecutter.project_slug}}/.github/workflows/publish.yml b/{{cookiecutter.project_slug}}/.github/workflows/publish.yml
index 57fc276..d3b0c8b 100644
--- a/{{cookiecutter.project_slug}}/.github/workflows/publish.yml
+++ b/{{cookiecutter.project_slug}}/.github/workflows/publish.yml
@@ -42,4 +42,4 @@ jobs:
         # No 'user' or 'password' fields are needed here.
         # The action automatically uses the OIDC token from the
         # 'id-token: write' permission.
-{% endraw %}
\ No newline at end of file
+{% endraw %}