diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..bdf210e
--- /dev/null
+++ b/.github/workflows/main.yml
@@ -0,0 +1,38 @@
+name: CI
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  scripts:
+    name: Scripts
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Validate shell script syntax
+        shell: bash
+        run: |
+          set -euo pipefail
+          shopt -s nullglob
+          scripts=( *.sh )
+          if [ ${#scripts[@]} -eq 0 ]; then
+            echo "No shell scripts found"
+            exit 0
+          fi
+
+          for script in "${scripts[@]}"; do
+            echo "Checking ${script}"
+            bash -n "${script}"
+          done
+
+  docker-build:
+    name: Docker Build
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/setup-buildx-action@v3
+
+      - name: Build image
+        run: docker build --build-arg OWTF_VERSION=develop -t owtf-docker:ci .
diff --git a/Dockerfile b/Dockerfile
index a4e86b8..59a542b 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -3,8 +3,9 @@ FROM kalilinux/kali-rolling
 MAINTAINER @viyatb viyat.bhalodia@owasp.org, @alexandrasandulescu alecsandra.sandulescu@gmail.com
 
 # Kali signatures preventive update
-RUN apt-get update && apt-get dist-upgrade -y && apt-get install -y gnupg
-RUN wget -q -O - archive.kali.org/archive-key.asc | apt-key add
+RUN apt-get update \
+    && apt-get dist-upgrade -y \
+    && apt-get install -y --no-install-recommends ca-certificates gnupg wget kali-archive-keyring
 
 # install required packages from Kali repos
 COPY packages.sh /
@@ -36,8 +37,8 @@ ENV SHELL /bin/bash
 WORKDIR /owtf
 
 # core installation
-RUN python3 -m pip install --no-cache-dir --upgrade pip setuptools wheel \
-    && python3 -m pip install --no-cache-dir -e .
+RUN python3 -m pip install --no-cache-dir --break-system-packages --upgrade pip setuptools wheel \
+    && python3 -m pip install --no-cache-dir --break-system-packages -e .
 
 # expose ports
 EXPOSE 8010 8009 8008
diff --git a/optional_tools.sh b/optional_tools.sh
index 1b74542..57a8019 100644
--- a/optional_tools.sh
+++ b/optional_tools.sh
@@ -14,7 +14,13 @@ PACKAGES="theharvester \
           o-saft"
 
 if [ "$1" = "--download-only" ]; then
-  apt-get install -d -y $PACKAGES
+  install_args="-d -y"
 else
-  apt-get install -y $PACKAGES
+  install_args="-y"
 fi
+
+for package in $PACKAGES; do
+  if ! apt-get install $install_args "$package"; then
+    echo "[!] Skipping unavailable optional package: $package"
+  fi
+done