diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index dcede9b9..005a85a1 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -10,7 +10,7 @@ repos:
     # You are encouraged to use static refs such as tags, instead of branch name
     #
     # Running "pre-commit autoupdate" automatically updates rev to latest tag
-    rev: 0.13.1+ibm.62.dss
+    rev: 0.13.1+ibm.64.dss
     hooks:
       - id: detect-secrets # pragma: whitelist secret
         # Add options for detect-secrets-hook binary. You can run `detect-secrets-hook --help` to list out all possible options.
diff --git a/.secrets.baseline b/.secrets.baseline
index 0908992f..6c9eedd3 100644
--- a/.secrets.baseline
+++ b/.secrets.baseline
@@ -3,7 +3,7 @@
     "files": "^.secrets.baseline$",
     "lines": "REPLACE|PWD_TRUST|SECRET|keyStore|secret"
   },
-  "generated_at": "2026-01-13T17:13:54Z",
+  "generated_at": "2026-02-16T12:14:41Z",
   "plugins_used": [
     {
       "name": "AWSKeyDetector"
@@ -578,7 +578,7 @@
       }
     ]
   },
-  "version": "0.13.1+ibm.62.dss",
+  "version": "0.13.1+ibm.64.dss",
   "word_list": {
     "file": null,
     "hash": null
diff --git a/required-checks.json b/required-checks.json
new file mode 100644
index 00000000..1e3ee2b2
--- /dev/null
+++ b/required-checks.json
@@ -0,0 +1,9 @@
+[{
+  "type": "branch-protection",
+  "name": "code-review",
+  "params": {
+    "checks": [
+      "tekton/devsecops"
+    ]
+  }
+}]
\ No newline at end of file