diff --git a/.dockerignore b/.dockerignore
index 8b29db5..8ae8ce5 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,2 +1,2 @@
 __pycache__/
-.idea/
\ No newline at end of file
+.idea/
diff --git a/.gitignore b/.gitignore
index c9863f8..77ee514 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,4 +11,4 @@ __pycache__/
 .env
 .venv
 env/
-venv/
\ No newline at end of file
+venv/
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..0fca092
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,16 @@
+# See https://pre-commit.com for more information
+# See https://pre-commit.com/hooks.html for more hooks
+repos:
+-   repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v6.0.0
+    hooks:
+    -   id: trailing-whitespace
+    -   id: end-of-file-fixer
+    -   id: check-yaml
+    -   id: check-added-large-files
+-  repo: https://github.com/pylint-dev/pylint
+   rev: v4.0.2
+   hooks:
+   - id: pylint
+     args: ['--disable', 'R1705,C0301,W0511,R0903,W0718,R0911']
+     language: system
diff --git a/Dockerfile b/Dockerfile
index 328e5e4..cc194ad 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -8,4 +8,4 @@ RUN python3 -m pip install --no-cache-dir -r requirements.txt && \
     sed -i 's/from jinja2 import/from markupsafe import/g' /usr/local/lib/python3.13/site-packages/flask_recaptcha.py
 
 EXPOSE 5000
-CMD ["waitress-serve", "--host=0.0.0.0", "--port=5000", "--threads=8", "run:app"]
\ No newline at end of file
+CMD ["waitress-serve", "--host=0.0.0.0", "--port=5000", "--threads=8", "run:app"]
diff --git a/README.md b/README.md
index 4fab36e..f5d04dc 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 
 ## Features
 
-- Multi containers 
+- Multi containers
 - Multi exposed ports
 - Each challenge are in a separate network
 - Relation between containers using `hostname`
@@ -50,7 +50,7 @@ export DEBUG=1
 sudo -E python3 run.py
 ```
 
-> You can utilize the `ADMIN_ONLY` flag to restrict login to administrators only. It's useful for testing your challenges before the beginning of the CTF. 
+> You can utilize the `ADMIN_ONLY` flag to restrict login to administrators only. It's useful for testing your challenges before the beginning of the CTF.
 
 ## Deployment
 
@@ -100,7 +100,6 @@ All the slaves must build all docker images present in the `config.json` file (i
 
 ## Todo
 
-- pylint
 - add more docs about `config.json` format
 - Extend instance feature
 - Display connection string (ex: ssh -p ..., http://host:port, nc host port, ...)
diff --git a/app/app.py b/app/app.py
index eced117..5d9dd70 100644
--- a/app/app.py
+++ b/app/app.py
@@ -1,3 +1,5 @@
+''' Base flask '''
+
 import logging
 from os import getenv
 from secrets import token_hex
@@ -8,6 +10,7 @@
 
 
 def create_app():
+    ''' Base flask app '''
     app = Flask(__name__)
 
     app.secret_key = token_hex()
diff --git a/app/auth.py b/app/auth.py
index ebd5a6f..420b775 100644
--- a/app/auth.py
+++ b/app/auth.py
@@ -1,9 +1,12 @@
+''' App authentication '''
+
 from functools import wraps
 
 from flask import redirect, session, url_for
 
 
 def login_required(f):
+    ''' Login check '''
     @wraps(f)
     def wrap(*args, **kwargs):
         if session and session["verified"]:
@@ -15,6 +18,7 @@ def wrap(*args, **kwargs):
 
 
 def admin_required(f):
+    ''' Admin check '''
     @wraps(f)
     def wrap(*args, **kwargs):
         if session and session["admin"]:
diff --git a/app/config.py b/app/config.py
index a56c8ce..85f0889 100644
--- a/app/config.py
+++ b/app/config.py
@@ -1,3 +1,5 @@
+''' Configuration '''
+
 #!/usr/bin/env python3
 from json import load
 from os import getenv
@@ -7,7 +9,7 @@
 DEBUG = getenv("DEBUG", "").strip().upper() in ["1", "TRUE"]
 ADMIN_ONLY = getenv("ADMIN_ONLY", "").strip().upper() in ["1", "TRUE"]
 
-with open("config.json", "r") as config_file:
+with open("config.json", "r", encoding="utf-8") as config_file:
     config = load(config_file)
 
     WEBSITE_TITLE = config["website_title"]
diff --git a/app/database.py b/app/database.py
index 2e1eeb6..d9714b9 100644
--- a/app/database.py
+++ b/app/database.py
@@ -1,3 +1,5 @@
+''' Database connexion '''
+
 from flask_sqlalchemy import SQLAlchemy
 
-db = SQLAlchemy()
\ No newline at end of file
+db = SQLAlchemy()
diff --git a/app/models.py b/app/models.py
index 98b5808..1daa305 100644
--- a/app/models.py
+++ b/app/models.py
@@ -1,3 +1,5 @@
+''' Database models '''
+
 from datetime import datetime
 
 from app.database import db
diff --git a/app/templates/admin.html b/app/templates/admin.html
index 05e2560..d2cdffa 100644
--- a/app/templates/admin.html
+++ b/app/templates/admin.html
@@ -11,20 +11,20 @@ <h3>{{ instances_count }} container{% if instances_count > 1 %}s{% endif %} runn
 <div class="row center full_width">
 	<div class="terminal full_width" style="overflow-x: auto;">
 		<h2 style="margin-top: 0; text-align: center;">All Instances</h2>
-		
+
 		<div style="margin-bottom: 1em; display: flex; gap: 1em; align-items: center; flex-wrap: wrap;">
 			<div style="display: flex; align-items: center; gap: 0.5em; width: 38%; min-width: 350px;">
 				<div class="form-group" style="margin-bottom: 0; flex: 1; min-width: 0; width: 100%;">
-					<input 
-						type="text" 
-						id="search-input" 
+					<input
+						type="text"
+						id="search-input"
 						placeholder="Search by team, username, image, or instance name..."
 						style="flex: 1; min-width: 0; width: 100%;"
 					>
 				</div>
-				<button 
-					type="button" 
-					id="clear-search" 
+				<button
+					type="button"
+					id="clear-search"
 					class="clear-search-btn"
 					style="display: none; flex-shrink: 0;"
 					title="Clear search"
@@ -38,7 +38,7 @@ <h2 style="margin-top: 0; text-align: center;">All Instances</h2>
 				</button>
 			</div>
 		</div>
-		
+
 		<table class="full_width">
 			<thead>
 				<tr>
@@ -117,7 +117,7 @@ <h2 style="margin: 0;" id="alert-title">Notification</h2>
 		// Search functionality
 		const searchInput = document.getElementById('search-input');
 		const clearSearchBtn = document.getElementById('clear-search');
-		
+
 		function updateClearButton() {
 			if (clearSearchBtn && searchInput) {
 				if (searchInput.value && searchInput.value.trim() !== '') {
@@ -129,7 +129,7 @@ <h2 style="margin: 0;" id="alert-title">Notification</h2>
 				}
 			}
 		}
-		
+
 		if (searchInput) {
 			searchInput.addEventListener('input', function(e) {
 				const query = e.target.value.toLowerCase().trim();
@@ -220,17 +220,17 @@ <h2 style="margin: 0;" id="alert-title">Notification</h2>
 
 	function filterAndRender(query) {
 		let filtered = allContainers;
-		
+
 		if (query) {
 			filtered = allContainers.filter(container => {
 				const team = (container.team || '').toLowerCase();
 				const username = (container.username || '').toLowerCase();
 				const image = (container.image || '').toLowerCase();
 				const instanceName = (container.instance_name || '').toLowerCase();
-				
-				return team.includes(query) || 
-				       username.includes(query) || 
-				       image.includes(query) || 
+
+				return team.includes(query) ||
+				       username.includes(query) ||
+				       image.includes(query) ||
 				       instanceName.includes(query);
 			});
 		}
@@ -267,7 +267,7 @@ <h2 style="margin: 0;" id="alert-title">Notification</h2>
 		// Get current search query
 		const searchInput = document.getElementById('search-input');
 		const query = searchInput ? searchInput.value.toLowerCase().trim() : '';
-		
+
 		// Filter and sort
 		let filtered = allContainers;
 		if (query) {
@@ -276,10 +276,10 @@ <h2 style="margin: 0;" id="alert-title">Notification</h2>
 				const username = (container.username || '').toLowerCase();
 				const image = (container.image || '').toLowerCase();
 				const instanceName = (container.instance_name || '').toLowerCase();
-				
-				return team.includes(query) || 
-				       username.includes(query) || 
-				       image.includes(query) || 
+
+				return team.includes(query) ||
+				       username.includes(query) ||
+				       image.includes(query) ||
 				       instanceName.includes(query);
 			});
 		}
@@ -361,17 +361,17 @@ <h2 style="margin: 0;" id="alert-title">Notification</h2>
 
 			titleEl.textContent = title;
 			messageEl.textContent = message;
-			
+
 			// Remove previous styling classes
 			modalContent.classList.remove('alert-success', 'alert-error');
-			
+
 			// Add appropriate styling based on title
 			if (title === 'Success') {
 				modalContent.classList.add('alert-success');
 			} else if (title === 'Error') {
 				modalContent.classList.add('alert-error');
 			}
-			
+
 			modal.classList.add('show');
 
 			const close = () => {
diff --git a/app/templates/base.html b/app/templates/base.html
index 3195deb..eca8d8c 100644
--- a/app/templates/base.html
+++ b/app/templates/base.html
@@ -27,7 +27,7 @@
 		</nav>
 		{% endif %}
 		{% endblock %}
-		
+
 		{% block modal %}
 		{% if session and session.get("verified") %}
 		<!-- Info Modal -->
@@ -56,7 +56,7 @@ <h2 style="margin: 0;">Information</h2>
 			{% block main %}
 			{% endblock %}
 		</main>
-		
+
 		{% block scripts %}
 		{% if session and session.get("verified") %}
 		<script>
@@ -137,4 +137,4 @@ <h2 style="margin: 0;">Information</h2>
 		{% endif %}
 		{% endblock %}
 	</body>
-</html>
\ No newline at end of file
+</html>
diff --git a/app/templates/index.html b/app/templates/index.html
index d3ce9ce..1bbabea 100644
--- a/app/templates/index.html
+++ b/app/templates/index.html
@@ -10,7 +10,7 @@ <h1>Welcome {{ session["user_name"] }}!</h1>
 <div class="row center">
 	<div class="terminal">
 		<h2 style="margin-top: 0; text-align: center;">Deploy New Instance</h2>
-		
+
 		{% with messages = get_flashed_messages(with_categories=true) %}
 			{% if messages %}
 				{% for color, message in messages %}
@@ -26,7 +26,7 @@ <h2 style="margin-top: 0; text-align: center;">Deploy New Instance</h2>
 				<span class="green_prefix size_up">$</span>
 				<label for="challenge_name">Challenge to run:</label>
 			</div>
-			
+
 			<div class="form-group">
 				<span class="green_prefix">&nbsp;&gt;</span>
 				<select name="challenge_name" id="challenge_name" required>
@@ -36,13 +36,13 @@ <h2 style="margin-top: 0; text-align: center;">Deploy New Instance</h2>
 					{% endfor %}
 				</select>
 			</div>
-			
+
 			{% if config['ENABLE_RECAPTCHA'] %}
 				<div class="form-group" style="margin: 1.5em 0;">
 					{{ recaptcha }}
 				</div>
 			{% endif %}
-			
+
 			<div class="form-row" style="margin-top: 1.5em;">
 				<span class="green_prefix size_up">$</span>
 				<div class="green_prefix typing width_90 pointer" onclick="document.getElementById('submit').click()" style="flex: 1;">Run instance</div>
@@ -56,7 +56,7 @@ <h2 style="margin-top: 0; text-align: center;">Deploy New Instance</h2>
 <div class="row center" style="margin-top: 2em;">
 	<div class="terminal" style="width: 90%; max-width: 1200px;">
 		<h3 style="margin-top: 0; text-align: center;">Instances of your team <span class="green_prefix">{{ session['team_name'] }}</span>:</h3>
-		
+
 		{% for key, challenge in challenges_info.items() %}
 			<div class="instance-card">
 				{% for container in challenge %}
@@ -265,17 +265,17 @@ <h2 style="margin: 0;" id="alert-title">Notification</h2>
 
 			titleEl.textContent = title;
 			messageEl.textContent = message;
-			
+
 			// Remove previous styling classes
 			modalContent.classList.remove('alert-success', 'alert-error');
-			
+
 			// Add appropriate styling based on title
 			if (title === 'Success') {
 				modalContent.classList.add('alert-success');
 			} else if (title === 'Error') {
 				modalContent.classList.add('alert-error');
 			}
-			
+
 			modal.classList.add('show');
 
 			const close = () => {
@@ -307,7 +307,7 @@ <h2 style="margin: 0;" id="alert-title">Notification</h2>
 		button.addEventListener('click', async function(e) {
 			e.preventDefault();
 			const validation = await customConfirm('Are you sure you want to remove your instance?', 'Remove Instance');
-			
+
 			if (validation) {
 				fetch('{{ url_for("remove_me") }}')
 					.then((resp) => resp.json())
@@ -333,14 +333,14 @@ <h2 style="margin: 0;" id="alert-title">Notification</h2>
 		if (!timeStr || timeStr.includes('shortly') || timeStr.includes('deleted')) {
 			return null; // Invalid or expired
 		}
-		
+
 		const match = timeStr.match(/(\d+)m(\d+)s/);
 		if (match) {
 			const minutes = parseInt(match[1], 10);
 			const seconds = parseInt(match[2], 10);
 			return minutes * 60 + seconds;
 		}
-		
+
 		return null;
 	}
 
@@ -348,7 +348,7 @@ <h2 style="margin: 0;" id="alert-title">Notification</h2>
 		if (totalSeconds <= 0) {
 			return 'This instance will be deleted shortly...';
 		}
-		
+
 		const minutes = Math.floor(totalSeconds / 60);
 		const seconds = totalSeconds % 60;
 		return `${minutes.toString().padStart(2, '0')}m${seconds.toString().padStart(2, '0')}s`;
@@ -358,7 +358,7 @@ <h2 style="margin: 0;" id="alert-title">Notification</h2>
 		document.querySelectorAll('.time-remaining').forEach(element => {
 			const initialTime = element.getAttribute('data-initial-time');
 			if (!initialTime) return;
-			
+
 			const initialSeconds = parseTimeRemaining(initialTime);
 			if (initialSeconds === null) {
 				// Already expired or invalid
@@ -367,17 +367,17 @@ <h2 style="margin: 0;" id="alert-title">Notification</h2>
 				}
 				return;
 			}
-			
+
 			// Calculate elapsed time since page load
 			const now = Date.now();
 			if (!element.dataset.startTime) {
 				element.dataset.startTime = now.toString();
 			}
-			
+
 			const startTime = parseInt(element.dataset.startTime, 10);
 			const elapsedSeconds = Math.floor((now - startTime) / 1000);
 			const remainingSeconds = Math.max(0, initialSeconds - elapsedSeconds);
-			
+
 			element.textContent = formatTimeRemaining(remainingSeconds);
 		});
 	}
diff --git a/app/templates/login.html b/app/templates/login.html
index 27e1c7d..d34d8e6 100644
--- a/app/templates/login.html
+++ b/app/templates/login.html
@@ -12,7 +12,7 @@ <h4>Do not forget to set a valid expiration date for the token.</h4>
 <div class="row center">
 	<div class="terminal" style="max-width: 600px;">
 		<h2 style="margin-top: 0; text-align: center;">Login</h2>
-		
+
 		{% if error %}
 			<div class="flash-message red" style="margin-bottom: 1em;">
 				<p style="margin: 0;">Error: {{ message }}</p>
@@ -24,20 +24,20 @@ <h2 style="margin-top: 0; text-align: center;">Login</h2>
 				<span class="green_prefix size_up">$</span>
 				<label for="access_key">CTFd Access Token</label>
 			</div>
-			
+
 			<div class="form-group">
 				<span class="green_prefix">&nbsp;&gt;</span>
-				<input 
-					placeholder="Enter your access token" 
-					type="text" 
-					name="access_key" 
+				<input
+					placeholder="Enter your access token"
+					type="text"
+					name="access_key"
 					id="access_key"
 					required
 					autocomplete="off"
 					autofocus
 				>
 			</div>
-			
+
 			<div class="form-group" style="margin-top: 1.5em; justify-content: center;">
 				<button type="submit" style="width: 100%; max-width: 300px;">Login</button>
 			</div>
diff --git a/app/templates/run.html b/app/templates/run.html
index 5492fa1..6db820a 100644
--- a/app/templates/run.html
+++ b/app/templates/run.html
@@ -24,10 +24,10 @@ <h4>Connection</h4>
 				<p><pre>ssh change_me@{{ host }} -p {{ port }}</pre></p>
 				<br>
 				<p>User and password for SSH are in the challenge description.</p>
-			{% endif %}			
+			{% endif %}
 		</div>
 
 		<a href="{{ url_for('index')}}">Go back</a>
 	</div>
 </div>
-{% endblock %}
\ No newline at end of file
+{% endblock %}
diff --git a/app/utils.py b/app/utils.py
index 0d11026..a0e00d8 100644
--- a/app/utils.py
+++ b/app/utils.py
@@ -1,3 +1,5 @@
+''' All app utils '''
+
 #!/usr/bin/env python3
 import random
 import re
@@ -281,6 +283,7 @@ def check_access_key(key: str) -> tuple[bool, str, dict]:
                 "Authorization": f"Token {key}",
                 "Content-Type": "application/json",
             },
+            timeout=30,
         ).json()
 
         success = resp_json.get("success", False)
@@ -298,6 +301,7 @@ def check_access_key(key: str) -> tuple[bool, str, dict]:
                 "Authorization": f"Token {key}",
                 "Content-Type": "application/json",
             },
+            timeout=30,
         ).json()
         user["team_name"] = resp_json.get("data", {}).get("name", "")
 
@@ -307,6 +311,7 @@ def check_access_key(key: str) -> tuple[bool, str, dict]:
                 "Authorization": f"Token {key}",
                 "Content-Type": "application/json",
             },
+            timeout=30,
         ).json()
         user["is_admin"] = resp_json.get("success", False)
         return True, "", user
diff --git a/docker-compose.yml b/docker-compose.yml
index a63592e..9a29f90 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -33,6 +33,6 @@ services:
     volumes:
       - ./data/:/var/lib/postgresql/
     environment:
-      POSTGRES_USER: ${POSTGRES_USER:?Please provide a PostgreSQL username} 
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?Please provide a PostgreSQL password.}  
+      POSTGRES_USER: ${POSTGRES_USER:?Please provide a PostgreSQL username}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?Please provide a PostgreSQL password.}
       POSTGRES_DB: ${POSTGRES_DB:?Please provide a PostgreSQL database name.}
diff --git a/run.py b/run.py
index ae46c63..dd70cac 100644
--- a/run.py
+++ b/run.py
@@ -1,3 +1,5 @@
+''' App runner '''
+
 #!/usr/bin/env python3
 from datetime import datetime, timedelta
 from typing import Any