diff --git a/.github/workflows/debian.yml b/.github/workflows/debian.yml
index 829aab2..9746d8a 100644
--- a/.github/workflows/debian.yml
+++ b/.github/workflows/debian.yml
@@ -9,7 +9,7 @@ jobs:
 name: Update vuln-list-debian
 runs-on: ubuntu-latest
 env:
- GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
 VULN_LIST_DIR: "vuln-list-debian"
 steps:
 - name: Check out code
@@ -24,7 +24,7 @@ jobs:
 uses: actions/checkout@v4
 with:
 repository: ${{ github.repository_owner }}/${{ env.VULN_LIST_DIR }}
- token: ${{ secrets.ACCESS_TOKEN }}
+ token: ${{ secrets.ORG_REPO_TOKEN }}
 path: ${{ env.VULN_LIST_DIR }}
 - name: Setup github user email and name
@@ -37,4 +37,4 @@ jobs:
 - if: always()
 name: Debian Security Bug Tracker
- run: ./update.sh debian "Debian Security Bug Tracker"
\ No newline at end of file
+ run: ./scripts/update.sh debian "Debian Security Bug Tracker"
\ No newline at end of file
diff --git a/.github/workflows/k8s.yml b/.github/workflows/k8s.yml
index f0c65a8..86c09e8 100644
--- a/.github/workflows/k8s.yml
+++ b/.github/workflows/k8s.yml
@@ -9,7 +9,7 @@ jobs:
 name: Update vuln-list-k8s
 runs-on: ubuntu-latest
 env:
- GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
 VULN_LIST_DIR: "vuln-list-k8s"
 REPOSITORY_OWNER: ${{ github.repository_owner }}
 steps:
@@ -25,7 +25,7 @@ jobs:
 uses: actions/checkout@v4
 with:
 repository: ${{ env.REPOSITORY_OWNER }}/${{ env.VULN_LIST_DIR }}
- token: ${{ secrets.ACCESS_TOKEN }}
+ token: ${{ secrets.ORG_REPO_TOKEN }}
 path: ${{ env.VULN_LIST_DIR }}
 - name: Setup github user email and name
@@ -38,4 +38,4 @@ jobs:
 - if: always()
 name: K8s official vulnerability advisory
- run: ./create_pr.sh k8s
\ No newline at end of file
+ run: ./scripts/create_pr.sh k8s
\ No newline at end of file
diff --git a/.github/workflows/nvd.yml b/.github/workflows/nvd.yml
index a642d2b..e3daf1f 100644
--- a/.github/workflows/nvd.yml
+++ b/.github/workflows/nvd.yml
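Review bot: In debian.yml the job-level `env:` block sets `GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}`, so every step of the job inherits the token rather than only the step that pushes; the same pattern appears in k8s.yml, nvd.yml, redhat.yml and update.yml. The new secret name suggests an organisation-wide repository token (inferred from the name only), which would make that exposure broader than the single-repository push each job needs. Consider moving the variable to a step-level `env:` on the steps that run `./scripts/update.sh` or `./scripts/create_pr.sh`, and record the intended scope next to it, e.g. `# ORG_REPO_TOKEN: write access to the vuln-list-* repositories only`. The job definition starts above the hunk, so other steps that may rely on the variable are not visible here.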
@@ -9,7 +9,7 @@ jobs:
 name: Update vuln-list-nvd
 runs-on: ubuntu-latest
 env:
- GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
 VULN_LIST_DIR: "vuln-list-nvd"
 steps:
 - name: Check out code
@@ -24,7 +24,7 @@ jobs:
 uses: actions/checkout@v4
 with:
 repository: ${{ github.repository_owner }}/${{ env.VULN_LIST_DIR }}
- token: ${{ secrets.ACCESS_TOKEN }}
+ token: ${{ secrets.ORG_REPO_TOKEN }}
 path: ${{ env.VULN_LIST_DIR }}
 - name: Setup github user email and name
@@ -37,4 +37,4 @@ jobs:
 - if: always()
 name: NVD
- run: ./update.sh nvd "NVD"
\ No newline at end of file
+ run: ./scripts/update.sh nvd "NVD"
\ No newline at end of file
diff --git a/.github/workflows/redhat.yml b/.github/workflows/redhat.yml
index 6f22bee..7619b73 100644
--- a/.github/workflows/redhat.yml
+++ b/.github/workflows/redhat.yml
@@ -9,7 +9,7 @@ jobs:
 name: Update vuln-list-redhat
 runs-on: ubuntu-latest
 env:
- GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
 VULN_LIST_DIR: "vuln-list-redhat"
 steps:
 - name: Check out code
@@ -24,7 +24,7 @@ jobs:
 uses: actions/checkout@v4
 with:
 repository: ${{ github.repository_owner }}/${{ env.VULN_LIST_DIR }}
- token: ${{ secrets.ACCESS_TOKEN }}
+ token: ${{ secrets.ORG_REPO_TOKEN }}
 path: ${{ env.VULN_LIST_DIR }}
 - name: Setup github user email and name
@@ -37,8 +37,8 @@ jobs:
 - if: always()
 name: Red Hat OVALv2
- run: ./update.sh redhat-oval "Red Hat OVAL v2"
+ run: ./scripts/update.sh redhat-oval "Red Hat OVAL v2"
 - if: always()
 name: Red Hat Security Data API
- run: ./update.sh redhat "Red Hat Security Data API"
\ No newline at end of file
+ run: ./scripts/update.sh redhat "Red Hat Security Data API"
\ No newline at end of file
diff --git a/.github/workflows/squash.yml b/.github/workflows/squash.yml
index 8733301..65d57c3 100644
--- a/.github/workflows/squash.yml
+++ b/.github/workflows/squash.yml
@@ -23,7 +23,7 @@ jobs:
 uses: actions/checkout@v4
 with:
 repository: ${{ github.repository_owner }}/vuln-list
- token: ${{ secrets.ACCESS_TOKEN }}
+ token: ${{ secrets.ORG_REPO_TOKEN }}
 path: vuln-list
 fetch-depth: 2000
@@ -32,4 +32,4 @@ jobs:
 cd vuln-list
 git replace -f --graft $(git rev-list --max-parents=0 HEAD)
 git filter-repo --force
- git push --force --set-upstream https://${{ secrets.ACCESS_TOKEN }}@github.com/${{ github.repository_owner }}/vuln-list.git main
+ git push --force --set-upstream https://${{ secrets.ORG_REPO_TOKEN }}@github.com/${{ github.repository_owner }}/vuln-list.git main
diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml
index 816f609..a099660 100644
--- a/.github/workflows/update.yml
+++ b/.github/workflows/update.yml
@@ -9,7 +9,7 @@ jobs:
 name: Update repo vuln-list
 runs-on: ubuntu-latest
 env:
- GITHUB_TOKEN: ${{ secrets.ACCESS_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.ORG_REPO_TOKEN }}
 VULN_LIST_DIR: "vuln-list"
 steps:
 - name: Check out code
@@ -24,7 +24,7 @@ jobs:
 uses: actions/checkout@v4
 with:
 repository: ${{ github.repository_owner }}/vuln-list
- token: ${{ secrets.ACCESS_TOKEN }}
+ token: ${{ secrets.ORG_REPO_TOKEN }}
 path: ${{ env.VULN_LIST_DIR }}
 - name: Setup github user email and name
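Review bot: The `git push --force` line in squash.yml expands `${{ secrets.ORG_REPO_TOKEN }}` into the script text before the shell runs, so the token becomes part of the script file the runner writes and of the URL that `--set-upstream` stores as the branch's remote in `.git/config`. Pass it through a step-level `env:` entry and reference the shell variable instead, e.g. `env: { PUSH_TOKEN: "${{ secrets.ORG_REPO_TOKEN }}" }` with `git push --force "https://${PUSH_TOKEN}@github.com/${{ github.repository_owner }}/vuln-list.git" main`, dropping `--set-upstream` unless something later depends on it. The step's `run:` block begins above the hunk, so whether a later command needs the upstream setting is not visible here.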
@@ -37,64 +37,64 @@ jobs:
 - if: always()
 name: Alpine Issue Tracker
- run: ./update.sh alpine "Alpine Issue Tracker"
+ run: ./scripts/update.sh alpine "Alpine Issue Tracker"
 - if: always()
 name: Alpine Unfixed Vulnerability Tracker
- run: ./update.sh alpine-unfixed "Alpine Secshfixes Tracker"
+ run: ./scripts/update.sh alpine-unfixed "Alpine Secshfixes Tracker"
 - if: always()
 name: Ubuntu CVE Tracker
- run: ./update.sh ubuntu "Ubuntu CVE Tracker"
+ run: ./scripts/update.sh ubuntu "Ubuntu CVE Tracker"
 - if: always()
 name: Amazon Linux AMI Security Advisory
- run: ./update.sh amazon "Amazon Linux Security Center"
+ run: ./scripts/update.sh amazon "Amazon Linux Security Center"
 - if: always()
 name: Oracle Linux OVAL
- run: ./update.sh oracle-oval "Oracle Linux OVAL"
+ run: ./scripts/update.sh oracle-oval "Oracle Linux OVAL"
 - if: always()
 name: Photon CVE Advisory
- run: ./update.sh photon "Photon Security Advisories"
+ run: ./scripts/update.sh photon "Photon Security Advisories"
 - if: always()
 name: GitHub Security Advisory
- run: ./update.sh ghsa "GitHub Security Advisory"
+ run: ./scripts/update.sh ghsa "GitHub Security Advisory"
 - if: always()
 name: CWE
- run: ./update.sh cwe "CWE"
+ run: ./scripts/update.sh cwe "CWE"
 - if: always()
 name: SUSE CVRF
- run: ./update.sh suse-cvrf "SUSE CVRF"
+ run: ./scripts/update.sh suse-cvrf "SUSE CVRF"
 - if: always()
 name: GitLab Advisory Database
- run: ./update.sh glad "GitLab Advisory Database"
+ run: ./scripts/update.sh glad "GitLab Advisory Database"
 - if: always()
 name: AlmaLinux Security Advisory
- run: ./update.sh alma "AlmaLinux Security Advisory"
+ run: ./scripts/update.sh alma "AlmaLinux Security Advisory"
 - if: always()
 name: Rocky Linux Security Advisory
- run: ./update.sh rocky "Rocky Linux Security Advisory"
+ run: ./scripts/update.sh rocky "Rocky Linux Security Advisory"
 - if: always()
 name: CBL-Mariner Vulnerability Data
- run: ./update.sh mariner "CBL-Mariner Vulnerability Data"
+ run: ./scripts/update.sh mariner "CBL-Mariner Vulnerability Data"
 - if: always()
 name: OSV Database
- run: ./update.sh osv "OSV Database"
+ run: ./scripts/update.sh osv "OSV Database"
 - if: always()
 name: Wolfi Secdb
- run: ./update.sh wolfi "Wolfi Security Data"
+ run: ./scripts/update.sh wolfi "Wolfi Security Data"
 - if: always()
 name: Chainguard Secdb
- run: ./update.sh chainguard "Chainguard Security Data"
\ No newline at end of file
+ run: ./scripts/update.sh chainguard "Chainguard Security Data"
\ No newline at end of file
diff --git a/push.sh b/push.sh
deleted file mode 100755
index 1c10b05..0000000
--- a/push.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-
-DIR=$1
-ADD=$2
-MESSAGE=$3
-
-cd $DIR
-git add $2
-git commit -m "$3"
-ret=$?
-
-if [ $ret = 0 ]; then
- git push https://${GITHUB_TOKEN}@github.com/aquasecurity/vuln-list.git main
-else
- echo "skip push"
-fi
diff --git a/create_pr.sh b/scripts/create_pr.sh
similarity index 98%
rename from create_pr.sh
rename to scripts/create_pr.sh
index a7f0836..908b23e 100755
--- a/create_pr.sh
+++ b/scripts/create_pr.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -eu
 TARGET=$1
diff --git a/update.sh b/scripts/update.sh
similarity index 95%
rename from update.sh
rename to scripts/update.sh
index e3b8349..a8e338a 100755
--- a/update.sh
+++ b/scripts/update.sh
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/bash -eu
 TARGET=$1
 COMMIT_MSG=$2
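Review bot: Putting `-eu` on the shebang line of scripts/create_pr.sh (and of scripts/update.sh in the next hunk) only takes effect when the file is executed directly; `bash scripts/update.sh` or sourcing the file runs without either option and gives no warning. Set the options in the script body instead, with `set -euo pipefail` as the first statement, which also stops the run when a command inside a pipeline fails. With `-u` active, `TARGET=$1` aborts with a bare "unbound variable" message when the argument is missing; `TARGET=${1:?usage: create_pr.sh TARGET}` tells the caller what was expected. The rest of both scripts is outside the hunks, so any command that is expected to return non-zero (for example a `git commit` with nothing to commit) should be checked against `-e`.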