diff --git a/.github/linters/.checkov.yaml b/.github/linters/.checkov.yaml
new file mode 100644
index 0000000..3c1877f
--- /dev/null
+++ b/.github/linters/.checkov.yaml
@@ -0,0 +1,2 @@
+skip-check:
+  - CKV2_GHA_1
diff --git a/.github/linters/.jscpd.json b/.github/linters/.jscpd.json
new file mode 100644
index 0000000..39e34b1
--- /dev/null
+++ b/.github/linters/.jscpd.json
@@ -0,0 +1,3 @@
+{
+  "threshold": 10
+}
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index f229a1d..ca97721 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,7 +12,7 @@ jobs:
     runs-on: ubuntu-24.04
     strategy:
       matrix:
-        java-version: [8, 11, 17]
+        java-version: [8, 11, 17, 21]
 
     steps:
       - name: Checkout repository
@@ -34,6 +34,12 @@ jobs:
     name: Lint
     runs-on: ubuntu-24.04
 
+    permissions:
+      contents: read
+      packages: read
+      # To report GitHub Actions status checks
+      statuses: write
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -41,10 +47,8 @@ jobs:
           fetch-depth: 0 # needed for super-linter
 
       - name: Lint codebase
-        uses: github/super-linter@v5
+        uses: super-linter/super-linter/slim@4e8a7c2bf106c4c766c816b35ec612638dc9b6b2 # v7.3.0
         env:
-          VALIDATE_ALL_CODEBASE: false
-          DEFAULT_BRANCH: main
           IGNORE_GITIGNORED_FILES: true
           FILTER_REGEX_INCLUDE: .*src/.*, .*test/.*
           FILTER_REGEX_EXCLUDE: .*package-info.java