Keep the script inside your repo, so that when we clone the repo we just need to run this .sh file: the environment will be set up for the developer, along with all the vulnerability checks on the code, and it won't allow them to commit to the code repo.
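
An added example of such a script (not from the original page): a `setup.sh` that installs a thin pre-commit hook which calls back into the versioned script. The secret-pattern scan is an assumed stand-in for whatever vulnerability checks the team actually uses, and the `install`/`check` arguments and the function names are hypothetical.

```shell
#!/bin/sh
# setup.sh (added example): keep at the repo root, run "./setup.sh install" after cloning.
# Assumption: this secret-pattern scan stands in for the team's real vulnerability checks.

# AWS access key ID format and PEM private-key headers.
SECRET_RE='AKIA[0-9A-Z]{16}|-----BEGIN [A-Z ]*PRIVATE KEY-----'

# Read a unified diff on stdin and check only added lines ("+", not the "+++" header).
# Returns 1 when any added line matches, which makes the hook abort the commit.
scan_diff() {
  hits=$(grep -E '^\+' | grep -vE '^\+\+\+ ' | grep -cE -e "$SECRET_RE" || true)
  if [ "${hits:-0}" -gt 0 ]; then
    echo "commit blocked: $hits staged line(s) match a secret pattern" >&2
    return 1
  fi
  return 0
}

# $1 = repo root. The hook stays thin and calls this versioned script, so the
# checks are updated by "git pull" rather than by re-running the installer.
install_hook() {
  hook="$1/.git/hooks/pre-commit"
  mkdir -p "$1/.git/hooks"
  cat > "$hook" <<'EOF'
#!/bin/sh
exec sh "$(git rev-parse --show-toplevel)/setup.sh" check
EOF
  chmod +x "$hook"
}

case "${1:-}" in
  install) install_hook "$(git rev-parse --show-toplevel)" ;;
  check)   git diff --cached -U0 | scan_diff ;;  # exit status decides the commit
esac
```

A client-side hook can be skipped with `git commit --no-verify`, so run the same check in CI or a server-side hook as well.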