diff --git a/.abf.yml b/.abf.yml
index 2749f56..3f3f284 100644
--- a/.abf.yml
+++ b/.abf.yml
@@ -1,2 +1,2 @@
 sources:
-  gh-2.51.0.tar.gz: e844b5b8a243931c0d169826ab82a99d9a9cea37
+  gh-2.52.0.tar.gz: a99481bf6c2e67c9aa16d428253183a8229f467c
diff --git a/gh.spec b/gh.spec
index 08fcdd6..d605e31 100644
--- a/gh.spec
+++ b/gh.spec
@@ -1,9 +1,9 @@
 %define     debug %nil
 %define     debug_package %nil
-
+%define     secscan 1
 
 Name:       gh
-Version:    2.51.0
+Version:    2.52.0
 Release:    1
 Summary:    github cli
 URL:        https://cli.github.com
@@ -11,9 +11,15 @@ Source0:    https://github.com/cli/cli/archive/v%{version}/%{name}-%{version}.ta
 License:    MIT
 Group:      Development/Other
 BuildRequires:  go > 1.16
-BuildRequires:  git
+BuildRequires:  git-core
 BuildRequires:  upx
 
+%if %{secscan}
+BuildRequires:  clamav
+BuildRequires:  trivy
+%endif
+
+
 %description
 gh is GitHub on the command line, and it's now available
 in beta. It brings pull requests, issues, and other GitHub
@@ -23,9 +29,14 @@ concepts to the terminal next to where you are already
 %prep
 %setup -qn cli-%{version}
 
+%if %{secscan}
+clamscan -ir .
+trivy fs --scanners vuln --format cosign-vuln .
+%endif
+
 %build
 export GOPROXY=https://proxy.golang.org/cached-only
-%make
+%make VERSION=%{version}
 
 # bin package
 upx bin/%{name}
@@ -38,3 +49,12 @@ install -Dm0755 bin/%{name} %{buildroot}%{_bindir}/%{name}
 %doc README.md LICENSE
 %{_bindir}/%{name}
 
+%check
+export GOPROXY=direct
+go test ./...
+
+%if %{secscan}
+clamscan -ir %{buildroot}
+%endif
+
+%{buildroot}%{_bindir}/%{name} --version