diff --git a/Taskfile.yml b/Taskfile.yml
index d8bd07e..968f0f4 100644
--- a/Taskfile.yml
+++ b/Taskfile.yml
@@ -96,6 +96,12 @@ tasks:
     env:
       IMAGE_TAG:
 
+  nosey:
+    desc: start noseyparker to ensure no secrets or passwords are committed
+    cmds:
+      - noseyparker scan --datastore=$(basename $PWD).np --ignore=.gitignore --color=always --progress=always .
+      - noseyparker report --datastore=$(basename $PWD).np
+
   venv:
     desc: execute a python3 command using the virtualenv wrapper
     cmd: '{{.PYTHON_WRAPPER}} {{.CLI_ARGS}}'
diff --git a/collections/ansible_collections/nullified/infrastructure/roles/common/templates/home/.zsh_completions b/collections/ansible_collections/nullified/infrastructure/roles/common/templates/home/.zsh_completions
index ab123b0..507d54f 100644
--- a/collections/ansible_collections/nullified/infrastructure/roles/common/templates/home/.zsh_completions
+++ b/collections/ansible_collections/nullified/infrastructure/roles/common/templates/home/.zsh_completions
@@ -19,3 +19,4 @@ autoload -U compinit && compinit
 command -v boundary &> /dev/null && complete -o nospace -C /usr/bin/boundary boundary || true
 command -v molecule &> /dev/null && source <(_MOLECULE_COMPLETE=zsh_source molecule) || true
 command -v helm &> /dev/null && source <(helm completion zsh) || true
+command -v noseyparker &> /dev/null && source <(noseyparker shell-completions --shell zsh) || true
diff --git a/collections/ansible_collections/nullified/infrastructure/roles/workstation/tasks/main.yml b/collections/ansible_collections/nullified/infrastructure/roles/workstation/tasks/main.yml
index 3a24307..28e433c 100644
--- a/collections/ansible_collections/nullified/infrastructure/roles/workstation/tasks/main.yml
+++ b/collections/ansible_collections/nullified/infrastructure/roles/workstation/tasks/main.yml
@@ -118,6 +118,13 @@
         - tar -zxf {asset_dirname}/{asset_filename}
         - cd $(find . -maxdepth 1 -name terminator\* -type d); python3 setup.py build; python3 setup.py install --single-version-externally-managed --record=install-files.txt
         - rm -rf {asset_dirname}/{asset_filename}
+    - asset_name:  noseyparker-{version}-x86_64-unknown-linux-gnu.tar.gz
+      asset_type: release
+      repository: praetorian-inc/noseyparker
+      creates: /usr/local/bin/noseyparker
+      cmds:
+        - tar -zxf {asset_dirname}/{asset_filename}
+        - install --group=root --mode=755 --owner=root bin/noseyparker /usr/local/bin
 
 - name: '[ruby] install tools'
   become: true