diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
new file mode 100644
index 0000000..b25a094
--- /dev/null
+++ b/.github/CODEOWNERS
@@ -0,0 +1,10 @@
+# Default owners for everything
+* @host-uk/core-maintainers
+
+# Scripts and CI
+/scripts/ @host-uk/devops
+/.github/ @host-uk/devops
+
+# Documentation
+*.md @host-uk/docs
+/docs/ @host-uk/docs
diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml
new file mode 100644
index 0000000..2bac09c
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/bug_report.yml
@@ -0,0 +1,51 @@
+name: Bug Report
+description: Report a problem with the developer workspace or scripts
+title: "[Bug]: "
+labels: ["bug", "triage"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for reporting! Please fill out the details below.
+
+  - type: dropdown
+    id: os
+    attributes:
+      label: Operating System
+      options:
+        - macOS
+        - Windows
+        - Linux (Ubuntu/Debian)
+        - Linux (Other)
+    validations:
+      required: true
+
+  - type: input
+    id: script
+    attributes:
+      label: Script/Command
+      description: Which script or command failed?
+      placeholder: "e.g., make setup, install-deps.ps1, core doctor"
+    validations:
+      required: true
+
+  - type: textarea
+    id: description
+    attributes:
+      label: What happened?
+      description: Describe the issue
+    validations:
+      required: true
+
+  - type: textarea
+    id: expected
+    attributes:
+      label: Expected behaviour
+      description: What should have happened?
+
+  - type: textarea
+    id: logs
+    attributes:
+      label: Error output
+      description: Paste any error messages
+      render: shell
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
new file mode 100644
index 0000000..b3e6d29
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -0,0 +1,8 @@
+blank_issues_enabled: false
+contact_links:
+  - name: Questions & Discussions
+    url: https://github.com/host-uk/core-devops/discussions
+    about: Ask questions and discuss ideas
+  - name: Security Issues
+    url: https://github.com/host-uk/core-devops/security/policy
+    about: Report security vulnerabilities privately
diff --git a/.github/ISSUE_TEMPLATE/feature_request.yml b/.github/ISSUE_TEMPLATE/feature_request.yml
new file mode 100644
index 0000000..cb24db9
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature_request.yml
@@ -0,0 +1,45 @@
+name: Feature Request
+description: Suggest an improvement to the developer workspace
+title: "[Feature]: "
+labels: ["enhancement"]
+body:
+  - type: markdown
+    attributes:
+      value: |
+        Thanks for the suggestion! Please describe your idea below.
+
+  - type: dropdown
+    id: area
+    attributes:
+      label: Area
+      options:
+        - Setup scripts (install-deps, install-core)
+        - Core CLI commands
+        - Documentation
+        - IDE configuration
+        - CI/CD workflows
+        - Other
+    validations:
+      required: true
+
+  - type: textarea
+    id: problem
+    attributes:
+      label: Problem or use case
+      description: What problem does this solve?
+    validations:
+      required: true
+
+  - type: textarea
+    id: solution
+    attributes:
+      label: Proposed solution
+      description: How would you like it to work?
+    validations:
+      required: true
+
+  - type: textarea
+    id: alternatives
+    attributes:
+      label: Alternatives considered
+      description: Any other approaches you've thought about?
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
new file mode 100644
index 0000000..f061142
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,25 @@
+## Summary
+
+<!-- Brief description of changes -->
+
+## Type of change
+
+- [ ] Bug fix
+- [ ] New feature
+- [ ] Documentation
+- [ ] CI/CD improvement
+- [ ] Other: <!-- describe -->
+
+## Checklist
+
+- [ ] Scripts tested on target OS (macOS/Windows/Linux)
+- [ ] Documentation updated if needed
+- [ ] No secrets or credentials in code
+
+## Testing
+
+<!-- How did you test these changes? -->
+
+## Related issues
+
+<!-- Link any related issues: Fixes #123, Relates to #456 -->
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000..b226692
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,24 @@
+version: 2
+updates:
+  # GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "ci(deps)"
+    labels:
+      - "dependencies"
+      - "github-actions"
+
+  # Go modules (for core CLI when built locally)
+  - package-ecosystem: "gomod"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    commit-message:
+      prefix: "chore(deps)"
+    labels:
+      - "dependencies"
+      - "go"
+    open-pull-requests-limit: 5
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..c8956cd
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,32 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| dev     | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+**Please do not report security vulnerabilities through public GitHub issues.**
+
+Instead, please report them via email to: **security@host.uk.com**
+
+Include:
+- Description of the vulnerability
+- Steps to reproduce
+- Potential impact
+- Any suggested fixes (optional)
+
+You should receive a response within 48 hours. If the issue is confirmed, we will:
+1. Work on a fix privately
+2. Release a patch
+3. Credit you in the release notes (unless you prefer anonymity)
+
+## Security Best Practices
+
+When contributing to this repository:
+- Never commit secrets, API keys, or credentials
+- Use environment variables for sensitive configuration
+- Review dependencies for known vulnerabilities
+- Follow the principle of least privilege in scripts