diff --git a/.github/workflows/security.yml b/.github/workflows/security.yml
index 48ecece..cc831e0 100644
--- a/.github/workflows/security.yml
+++ b/.github/workflows/security.yml
@@ -26,13 +26,13 @@ jobs:
 uses: actions/setup-node@v4
 with:
 node-version: '18'
- cache: 'npm'
+ cache: 'yarn'
 - name: Install dependencies
- run: npm ci
+ run: yarn install --frozen-lockfile
- - name: Run npm audit
- run: npm audit --audit-level=high
+ - name: Run yarn audit
+ run: yarn audit --level high
 - name: Initialize CodeQL
 uses: github/codeql-action/init@v3
diff --git a/.serena/memories/dashboard_security_fix.md b/.serena/memories/dashboard_security_fix.md
new file mode 100644
index 0000000..38c0999
--- /dev/null
+++ b/.serena/memories/dashboard_security_fix.md
@@ -0,0 +1,26 @@
+# Dashboard Security Fix
+
+## Problem
+The Traefik dashboard at http://quixy.uk:8080/dashboard/#/ was not password protected, showing all requests publicly.
+
+## Root Cause
+Two configuration files had `insecure: true` settings that disabled authentication:
+1. `docker-compose.yml` - `--api.insecure=true` command argument
+2. `traefik.yml` - `insecure: true` in api section
+
+## Solution Applied
+Fixed both configuration files:
+- Changed `--api.insecure=true` to `--api.insecure=false` in docker-compose.yml
+- Changed `insecure: true` to `insecure: false` in traefik.yml
+
+## Authentication Details
+Dashboard now uses basic HTTP authentication with credentials already configured:
+- Username: admin
+- Password: password (hash stored in TRAEFIK_AUTH environment variable)
+
+## To Apply Changes
+Run: `docker-compose down && docker-compose up -d`
+
+## Files Modified
+- docker-compose.yml:25 (insecure flag)
+- traefik.yml:18 (insecure setting)
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index e5be3df..0d34124 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
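Review bot: In `.github/workflows/security.yml`, the new `yarn audit --level high` step may not gate on the same threshold as the `npm audit --audit-level=high` it replaces. As far as I know, on Yarn 1.x `--level` only filters the printed report while the exit status is a bitmask of every severity found (8 = high, 16 = critical), so the job would also fail on low or moderate advisories; on Yarn 2+ the audit command is `yarn npm audit` instead. The Yarn version is not visible in this hunk, so confirm which case applies; for Yarn 1.x the step could read `run: yarn audit --level high || [ $? -lt 8 ]` with a comment such as `# fail only on high/critical: yarn 1.x exit code is a severity bitmask`. The hunk ends inside the "Initialize CodeQL" step, which continues outside it.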
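Review bot: The new `.serena/memories/dashboard_security_fix.md` commits the dashboard login in clear text (`Username: admin`, `Password: password`) next to the public dashboard URL, which cancels the benefit of keeping only the hash in `TRAEFIK_AUTH`. If that password is the real one it should be rotated to a strong value, and the line replaced with something like `- Credentials: stored outside the repository (hash in TRAEFIK_AUTH)`. The note also says authentication is "already configured", but the router and basic-auth middleware that would enforce it are not visible in this commit, so that claim should be verified against the running service. Consider whether assistant memory files under `.serena/` belong in version control at all.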
@@ -6,7 +6,7 @@ services:
 restart: unless-stopped
 command:
 - --api.dashboard=true
- --api.insecure=true
+ - --api.insecure=false
 - --providers.docker=true
 - --providers.docker.exposedbydefault=false
 - --entrypoints.web.address=:80
diff --git a/traefik.yml b/traefik.yml
index 65df16d..76bc9cf 100644
--- a/traefik.yml
+++ b/traefik.yml
@@ -19,7 +19,7 @@ entryPoints:
 # API and dashboard configuration
 api:
 dashboard: true
- insecure: true
+ insecure: false
 # Providers configuration
 providers:
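Review bot: In `docker-compose.yml`, `--api.insecure=false` removes the unauthenticated API/dashboard listener, but `--api.dashboard=true` stays on and nothing in this hunk shows how the dashboard is reached or protected afterwards. With insecure mode off, Traefik serves the dashboard only through a router targeting `api@internal`, so check that such a router exists with the basic-auth middleware attached and that any published `8080` port mapping is removed; neither is visible here. A comment above the flag would record the intent, e.g. `# dashboard reachable only via an authenticated router to api@internal`. The `command:` list continues outside the hunk.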
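Review bot: In `traefik.yml`, `insecure: false` duplicates the setting that `docker-compose.yml` passes as `--api.insecure=false`, so the static configuration now lives in two places. Traefik documents its static configuration sources (file, CLI flags, environment variables) as mutually exclusive, so presumably only one of the two is effective; confirm which one the container actually loads and keep the API settings there only, otherwise a later edit to the ignored copy can silently leave the dashboard exposed. A comment such as `# keep false: insecure mode exposes the API and dashboard without authentication` on this key would help. The `api:` block starts inside the hunk, while `providers:` continues outside it.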