diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 646359fb331..bd1eae59dee 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -7,6 +7,10 @@ updates:
commit-message:
prefix: "ci"
include: "scope"
+ groups:
+ all:
+ patterns:
+ - "*"
- package-ecosystem: "gomod"
directory: "/"
schedule:
@@ -14,6 +18,10 @@ updates:
commit-message:
prefix: "build"
include: "scope"
+ groups:
+ all:
+ patterns:
+ - "*"
- package-ecosystem: "docker"
directory: "/"
schedule:
@@ -21,3 +29,7 @@ updates:
commit-message:
prefix: "ci"
include: "scope"
+ groups:
+ all:
+ patterns:
+ - "*"
diff --git a/.github/scripts/report/go.mod b/.github/scripts/report/go.mod
index 7dfaa862ee4..c5770bf7aab 100644
--- a/.github/scripts/report/go.mod
+++ b/.github/scripts/report/go.mod
@@ -1,6 +1,6 @@
module github.com/Checkmarx/e2e-report
-go 1.23.5
+go 1.23.6
require (
github.com/rs/zerolog v1.31.0
diff --git a/.github/workflows/alert-update-flags.yaml b/.github/workflows/alert-update-flags.yaml
index 7c8d92b27de..e9476141624 100644
--- a/.github/workflows/alert-update-flags.yaml
+++ b/.github/workflows/alert-update-flags.yaml
@@ -14,7 +14,7 @@ jobs:
steps:
- name: Checkout project
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 2
- name: Execute diff and send email
diff --git a/.github/workflows/alert-update-terraform-modules.yaml b/.github/workflows/alert-update-terraform-modules.yaml
index dceef6b6c5e..bcef86d4099 100644
--- a/.github/workflows/alert-update-terraform-modules.yaml
+++ b/.github/workflows/alert-update-terraform-modules.yaml
@@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Execute diff and send email
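Review bot: The new `all` group with `patterns: ["*"]` on each ecosystem folds every update, major versions included, into one PR per ecosystem — this very diff mixes major jumps such as goreleaser-action v5→v6 and anchore/scan-action v4→v6 with patch-level SHA rolls, which makes per-action review of each newly pinned commit less likely. Consider restricting the group so majors still arrive as their own PRs, e.g. under `all:` add `update-types:` / `- "minor"` / `- "patch"` alongside the `patterns` key. The `updates` entries start above the first hunk, so the `package-ecosystem` and `schedule` keys of the github-actions entry are outside this view.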
@@ -25,7 +25,7 @@ jobs:
-c assets/libraries/common.json \
-u https://registry.terraform.io/v1/modules
- name: Create Pull Request
- uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6
+ uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6
with:
title: "feat(queries): update terraform registry data on commons.json"
token: ${{ secrets.KICS_BOT_PAT }}
diff --git a/.github/workflows/check-apache-license.yaml b/.github/workflows/check-apache-license.yaml
index fda6eab54ce..856735ee502 100644
--- a/.github/workflows/check-apache-license.yaml
+++ b/.github/workflows/check-apache-license.yaml
@@ -12,7 +12,7 @@ jobs:
USERNAME: ${{ github.event.pull_request.user.login }}
steps:
- name: Checkout code
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
sparse-checkout: |
@@ -33,7 +33,7 @@ jobs:
fi
- name: Delete comment if license is fixed
if: env.TAG_EXISTS == 'true'
- uses: thollander/actions-comment-pull-request@b07c7f86be67002023e6cb13f57df3f21cdd3411
+ uses: thollander/actions-comment-pull-request@e4a76dd2b0a3c2027c3fd84147a67c22ee4c90fa
with:
message: |
Deleting comment...
@@ -42,7 +42,7 @@ jobs:
GITHUB_TOKEN: ${{ secrets.KICS_BOT_PAT }}
- name: Add comment if no license
if: env.CHECK_FAILED == 'true'
- uses: thollander/actions-comment-pull-request@b07c7f86be67002023e6cb13f57df3f21cdd3411
+ uses: thollander/actions-comment-pull-request@e4a76dd2b0a3c2027c3fd84147a67c22ee4c90fa
with:
filePath: .github/scripts/pr-issue-info/apache-check.md
comment_tag: apache_license
diff --git a/.github/workflows/check-go-coverage.yaml b/.github/workflows/check-go-coverage.yaml
index 1e42a9046f5..97c10395615 100644
--- a/.github/workflows/check-go-coverage.yaml
+++ b/.github/workflows/check-go-coverage.yaml
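Review bot: The new `thollander/actions-comment-pull-request@e4a76dd2…` pin in both hunks of check-apache-license.yaml carries no `# vX.Y.Z` comment, unlike every other SHA-pinned action in this diff, so a reviewer cannot tell which release the hash is meant to be and the version-comment convention the other pins rely on is missing for it. Resolve the hash against the upstream releases and append the real tag, in the same form as the checkout line above it: `uses: thollander/actions-comment-pull-request@e4a76dd2b0a3c2027c3fd84147a67c22ee4c90fa # <resolved tag>`. This matters a little more here because the step runs with `GITHUB_TOKEN: ${{ secrets.KICS_BOT_PAT }}`, a bot PAT rather than the scoped workflow token, so being able to audit the third-party action by version is worth the one comment. The job's trigger and the `USERNAME` consumer are outside these hunks.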
@@ -13,7 +13,7 @@ jobs:
color: ${{ steps.testcov.outputs.color }}
steps:
- name: Checkout Source
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Set up Go
diff --git a/.github/workflows/go-ci-coverage.yaml b/.github/workflows/go-ci-coverage.yaml
index d5ff32d3515..60ffe7240d0 100644
--- a/.github/workflows/go-ci-coverage.yaml
+++ b/.github/workflows/go-ci-coverage.yaml
@@ -14,7 +14,7 @@ jobs:
color: ${{ steps.testcov.outputs.color }}
steps:
- name: Checkout Source
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Set up Go
@@ -33,11 +33,11 @@ jobs:
curl -L \
https://img.shields.io/badge/Go%20Coverage-${{ steps.testcov.outputs.coverage }}%25-${{ steps.testcov.outputs.color }}.svg > coverage.svg
cat coverage.svg
- - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
with:
name: ${{ runner.os }}-badge-latest
path: coverage.svg
- - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
with:
name: ${{ runner.os }}-coverage-latest
path: coverage.html
@@ -47,7 +47,7 @@ jobs:
needs: coverage
steps:
- name: Checkout Source
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: gh-pages
- name: Configure git commit author
diff --git a/.github/workflows/go-ci-integration.yml b/.github/workflows/go-ci-integration.yml
index dec5339b438..0113a6ab7bd 100644
--- a/.github/workflows/go-ci-integration.yml
+++ b/.github/workflows/go-ci-integration.yml
@@ -15,14 +15,14 @@ jobs:
cancel_others: false
paths_ignore: '["docs/**", "**/**.md", "examples"]'
- name: Check out code into the Go module directory
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Set up Docker Buildx
id: buildx
- uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+ uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
- name: Cache Docker layers
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+ uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.ref }}
@@ -32,7 +32,7 @@ jobs:
run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV
- name: Build
id: docker_build
- uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
+ uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
with:
load: true
context: ./
@@ -59,7 +59,7 @@ jobs:
-p "/path" \
-o "/path/"
- name: Archive test logs
- uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
if: always()
with:
name: integration-logs-${{ github.event.pull_request.head.sha }}
@@ -68,7 +68,7 @@ jobs:
run: |
cat ${PWD}/assets/queries/results.json
- name: Archive test results
- uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
with:
name: integration-results-${{ github.event.pull_request.head.sha }}
path: assets/queries/results.json
diff --git a/.github/workflows/go-ci-metrics.yaml b/.github/workflows/go-ci-metrics.yaml
index 7d7f03b1121..fd990185465 100644
--- a/.github/workflows/go-ci-metrics.yaml
+++ b/.github/workflows/go-ci-metrics.yaml
@@ -12,8 +12,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: actions/setup-python@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/setup-python@v5
with:
python-version: "3.x"
- name: Run test metrics script
@@ -26,7 +26,7 @@ jobs:
curl -L \
https://img.shields.io/badge/Queries-${{ steps.metrics.outputs.total_queries }}-blue.svg > queries.svg
cat queries.svg
- - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
with:
name: ${{ runner.os }}-queries-badge-latest
path: queries.svg
@@ -36,7 +36,7 @@ jobs:
needs: metrics
steps:
- name: Checkout Source
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: gh-pages
- name: Configure git commit author
diff --git a/.github/workflows/go-ci.yml b/.github/workflows/go-ci.yml
index a8de9fd3876..02c0853eb15 100644
--- a/.github/workflows/go-ci.yml
+++ b/.github/workflows/go-ci.yml
@@ -9,7 +9,7 @@ jobs:
name: lint
runs-on: ubuntu-20.04
steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go
uses: actions/setup-go@v5
with:
@@ -25,7 +25,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out code
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
fetch-depth: 0
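Review bot: The added `- uses: actions/setup-python@v5` in the go-ci-metrics.yaml hunk is a mutable tag bump sitting directly under a checkout line that is SHA-pinned, so this step is still resolved at run time to whatever `v5` points at; Dependabot keeps the reference style it finds, so it will not convert this to a hash on its own. Pin it to the commit of the intended release with the version in a trailing comment, in the same form as the checkout line: `- uses: actions/setup-python@<full commit sha> # v5.x.y`. The same mutable-tag pattern is visible as context for `actions/setup-go@v5` in the go-ci.yml hunk below and recurs in the other setup-python bumps in this diff.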
@@ -48,7 +48,7 @@ jobs:
with:
go-version: ${{ matrix.go-version }}
- name: Check out code into the Go module directory
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Get cache paths
@@ -56,7 +56,7 @@ jobs:
shell: bash
run: echo "GO_BUILD=$(go env GOCACHE)" >>$GITHUB_OUTPUT
- name: Cache dependencies
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+ uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: ${{ steps.go-cache-paths.outputs.GO_BUILD }}
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
@@ -86,7 +86,7 @@ jobs:
go test -mod=vendor -tags dev -v -timeout 2100s $(go list -tags dev ./... | grep -v e2e) -count=1 -coverprofile=cover.out | tee unit-test.log
- name: Archive test logs
if: always()
- uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
with:
name: unit-test-${{ runner.os }}-${{ github.event.pull_request.head.sha }}.log
path: unit-test.log
@@ -97,15 +97,15 @@ jobs:
GO111MODULE: on
steps:
- name: Checkout Source
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run Gosec Security Scanner
- uses: securego/gosec@6fbd381238e97e1d1f3358f0d6d65de78dcf9245 # v2.20.0
+ uses: securego/gosec@136f6c00402b11775d4f4a45d5a21e2f6dd99db2 # v2.22.2
with:
args: "-no-fail -fmt sarif -out results.sarif ./..."
- name: Show results
run: |
cat results.sarif
- name: Upload SARIF file
- uses: github/codeql-action/upload-sarif@2bbafcdd7fbf96243689e764c2f15d9735164f33
+ uses: github/codeql-action/upload-sarif@608ccd6cd915d2c43d3059c3da518f36f07a56b0
with:
sarif_file: results.sarif
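Review bot: The new `github/codeql-action/upload-sarif@608ccd6c…` pin in the last go-ci.yml hunk is the only changed line there without a version comment, so the hash cannot be matched to a codeql-action release at review time; resolve it upstream and append the tag, e.g. `uses: github/codeql-action/upload-sarif@608ccd6cd915d2c43d3059c3da518f36f07a56b0 # <resolved tag>`. Worth noting alongside it: gosec runs with `-no-fail`, so findings reach Code Scanning only through this upload and never fail the job — that is existing behaviour, but a one-line comment on the step saying it is intentional would stop the next reader from treating it as an oversight. The job's `permissions` block, which this upload needs (`security-events: write`), is outside the hunk.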
diff --git a/.github/workflows/go-e2e-debian.yaml b/.github/workflows/go-e2e-debian.yaml
index 265eebe03a5..350fa55e862 100644
--- a/.github/workflows/go-e2e-debian.yaml
+++ b/.github/workflows/go-e2e-debian.yaml
@@ -19,7 +19,7 @@ jobs:
with:
access_token: ${{ github.token }}
- name: Check out code
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Set up Go
@@ -42,9 +42,9 @@ jobs:
working-directory: .github/scripts/server-mock
- name: Set up Docker Buildx
id: buildx
- uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+ uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
- name: Cache Docker layers
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+ uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.ref }}
@@ -57,7 +57,7 @@ jobs:
run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV
- name: Build
id: docker_build
- uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
+ uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
with:
load: true
context: ./
@@ -100,7 +100,7 @@ jobs:
DOCKER_NAME=$(echo docker/Dockerfile.debian | sed 's/\//-/')
- name: Archive test report
if: always()
- uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
with:
name: e2e-tests-report-dockerfile-$DOCKER_NAME
path: e2e-report.html
diff --git a/.github/workflows/go-e2e.yaml b/.github/workflows/go-e2e.yaml
index e7efbd6a643..fbff68053b3 100644
--- a/.github/workflows/go-e2e.yaml
+++ b/.github/workflows/go-e2e.yaml
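Review bot: In the last go-e2e-debian.yaml hunk the artifact name `name: e2e-tests-report-dockerfile-$DOCKER_NAME` is not shell-expanded — `with:` inputs are handed to the action as literal strings — so the upload is named with a literal `$DOCKER_NAME`. The sibling go-e2e.yaml hunk below does it correctly: it exports the value with `echo "DOCKER_NAME=$DOCKER_NAME" >> $GITHUB_ENV` and then uses `name: e2e-tests-report-${{ env.DOCKER_NAME }}`; this file should follow the same two lines. The `run:` block that sets `DOCKER_NAME` starts above this hunk, so an export may already exist there — verify before changing, but the `with.name` line would still need the `${{ env.DOCKER_NAME }}` form either way.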
@@ -20,7 +20,7 @@ jobs:
with:
access_token: ${{ github.token }}
- name: Check out code
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Set up Go
@@ -43,9 +43,9 @@ jobs:
working-directory: .github/scripts/server-mock
- name: Set up Docker Buildx
id: buildx
- uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+ uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
- name: Cache Docker layers
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+ uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.ref }}
@@ -55,7 +55,7 @@ jobs:
run: echo "GITHUB_SHA_SHORT=$(echo $GITHUB_SHA | cut -c 1-8)" >> $GITHUB_ENV
- name: Build
id: docker_build
- uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
+ uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
with:
load: true
context: ./
@@ -99,7 +99,7 @@ jobs:
echo "DOCKER_NAME=$DOCKER_NAME" >> $GITHUB_ENV
- name: Archive test report
if: always()
- uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
with:
name: e2e-tests-report-${{ env.DOCKER_NAME }}
path: e2e-report.html
diff --git a/.github/workflows/go-generate-antlr-parser.yaml b/.github/workflows/go-generate-antlr-parser.yaml
index c943c73d561..d85847915b9 100644
--- a/.github/workflows/go-generate-antlr-parser.yaml
+++ b/.github/workflows/go-generate-antlr-parser.yaml
@@ -12,11 +12,11 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0
+ uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
- name: Build ANTLR image
- uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1
+ uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
id: build_antlr_image
with:
context: .
@@ -26,7 +26,7 @@ jobs:
run: |
docker run --rm -u $(id -u ${USER}):$(id -g ${USER}) -v $(pwd)/pkg/parser/jsonfilter:/work -it antlr4-generator:dev
- name: Create Pull Request
- uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6
+ uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6
with:
title: "chore(parser): updating AWS jsonfilter ANTLR generated parser"
token: ${{ secrets.KICS_BOT_PAT }}
diff --git a/.github/workflows/go-test-race.yml b/.github/workflows/go-test-race.yml
index 9a260889ba0..c664f7b6982 100644
--- a/.github/workflows/go-test-race.yml
+++ b/.github/workflows/go-test-race.yml
@@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Set up Go
@@ -18,7 +18,7 @@ jobs:
with:
go-version-file: go.mod
- name: Check out code into the Go module directory
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Get cache paths
@@ -27,7 +27,7 @@ jobs:
echo "::set-output name=go-build::$(go env GOCACHE)"
echo "::set-output name=go-mod::$(go env GOMODCACHE)"
- name: Cache dependencies
- uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0
+ uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2
with:
path: ${{ steps.go-cache-paths.outputs.go-build }}
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
@@ -45,7 +45,7 @@ jobs:
exit $result_code
- name: Archive test logs
if: always()
- uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
with:
name: unit-test-${{ runner.os }}-${{ github.event.pull_request.head.sha }}.log
path: unit-test.log
diff --git a/.github/workflows/kics-gh-action.yaml b/.github/workflows/kics-gh-action.yaml
index c2f9b727177..c908f705105 100644
--- a/.github/workflows/kics-gh-action.yaml
+++ b/.github/workflows/kics-gh-action.yaml
@@ -9,9 +9,9 @@ jobs:
kics-scan:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run KICS Scan
- uses: checkmarx/kics-github-action@5a6152ef88416063435cebadfec9de28bcfd041d # v2.1.4
+ uses: checkmarx/kics-github-action@3246fb456a46d1ea8848ae18793c036718b19fe0 # v2.1.5
with:
token: ${{ secrets.GITHUB_TOKEN }}
path: "./Dockerfile"
@@ -21,7 +21,7 @@ jobs:
output_formats: json,html
type: dockerfile
exclude_queries: 67fd0c4a-68cf-46d7-8c41-bc9fba7e40ae # Ignore Last User Is 'root'
- - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ - uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
with:
name: results
path: ./results
diff --git a/.github/workflows/mkdocs.yml b/.github/workflows/mkdocs.yml
index 9bb3139c4d4..38cd8e8e116 100644
--- a/.github/workflows/mkdocs.yml
+++ b/.github/workflows/mkdocs.yml
@@ -11,7 +11,7 @@ jobs:
deploy:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2
@@ -28,7 +28,7 @@ jobs:
value: https://github.com/Checkmarx/kics/actions/runs/${{ github.run_id }}"
- name: View HEAD Commit
value: https://github.com/Checkmarx/kics/commit/${{ github.sha }}
- - uses: actions/setup-python@v4
+ - uses: actions/setup-python@v5
with:
python-version: 3.x
- name: Install dependencies
diff --git a/.github/workflows/prepare-release.yaml b/.github/workflows/prepare-release.yaml
index 4f3e430c981..e1af7bab05c 100644
--- a/.github/workflows/prepare-release.yaml
+++ b/.github/workflows/prepare-release.yaml
@@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout project
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Get current date
@@ -27,7 +27,7 @@ jobs:
sed -E -i "s/()[0-9]{4}\.[0-9]{2}\.[0-9]{2}

/\1${{ steps.cdate.outputs.date }}

/" docs/index.md
sed -E -i "s/()/\1v${{ github.event.inputs.version }}\2${{ github.event.inputs.version }}\3/g" docs/index.md
- name: Create pull request
- uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6
+ uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6
with:
title: "docs(kicsbot): preparing for release ${{ github.event.inputs.version }}"
token: ${{ secrets.KICS_BOT_PAT }}
diff --git a/.github/workflows/release-commits.yaml b/.github/workflows/release-commits.yaml
index af5ef0f9943..e485fab5c45 100644
--- a/.github/workflows/release-commits.yaml
+++ b/.github/workflows/release-commits.yaml
@@ -11,12 +11,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Go
uses: actions/setup-go@v5
with:
go-version-file: go.mod
- - uses: actions/setup-python@v4
+ - uses: actions/setup-python@v5
with:
python-version: "3.x"
- name: Run get release commits script
diff --git a/.github/workflows/release-dkr-image.yml b/.github/workflows/release-dkr-image.yml
index dff543f11e7..e2c4d199b69 100644
--- a/.github/workflows/release-dkr-image.yml
+++ b/.github/workflows/release-dkr-image.yml
@@ -14,7 +14,7 @@ jobs:
DOCKER_CLI_EXPERIMENTAL: "enabled"
steps:
- name: Check out the repo
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Get Release version
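Review bot: The prepare-release.yaml hunk ending here splices `${{ github.event.inputs.version }}` straight into the sed program and into the PR `title`; the expression is expanded before the shell runs, so a value containing `/`, `"` or shell metacharacters changes the command rather than being treated as data. The input is presumably a `workflow_dispatch` parameter (the trigger is above the hunk), which limits who can supply it to users with write access, but the usual hardening still applies: put `env:` / `VERSION: ${{ github.event.inputs.version }}` on the step and reference `"$VERSION"` inside the sed expressions. The first sed expression also renders as `s/()[0-9]{4}…` on this page, which looks like lost markup, so its real content should be checked in the repository rather than here.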
@@ -36,12 +36,12 @@ jobs:
- name: View HEAD Commit
value: https://github.com/Checkmarx/kics/commit/${{ github.sha }}
- name: Set up QEMU
- uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v2
+ uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v2
with:
image: tonistiigi/binfmt:latest
platforms: linux/amd64,linux/arm64
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+ uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
- name: Login to DockerHub
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
@@ -51,7 +51,7 @@ jobs:
run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV
- name: Docker meta
id: meta
- uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+ uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: "checkmarx/kics"
labels: |
@@ -67,7 +67,7 @@ jobs:
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.created=${{ env.CREATED_AT }}
- name: Push alpine to Docker Hub
- uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+ uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
id: build_alpine
with:
context: .
@@ -82,7 +82,7 @@ jobs:
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push debian to Docker Hub
id: build_debian
- uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+ uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
with:
context: .
file: ./docker/Dockerfile.debian
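Review bot: In the first release-dkr-image.yml hunk the `docker/setup-qemu-action` pin moves from `5927c834…` to `29109295…` but the trailing comment is left as `# v2`, and the same stale comment appears in the two other setup-qemu bumps in this diff; if the new hash resolves to a later major the comment now misstates what is pinned, and tooling that keys on the comment will keep reporting v2. Resolve the hash upstream and correct the comment, e.g. `uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # <resolved tag>`. In the same step, the context line `image: tonistiigi/binfmt:latest` is a mutable tag inside a release workflow, which undercuts SHA-pinning the action itself; pin it by digest (`tonistiigi/binfmt@sha256:…`) or at least to a specific version tag. The login-action `with:` block (registry credentials) continues past the hunk.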
@@ -97,7 +97,7 @@ jobs:
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push ubi8 to Docker Hub
id: build_ubi8
- uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+ uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
with:
context: .
file: ./docker/Dockerfile.ubi8
diff --git a/.github/workflows/release-docker-github-actions.yaml b/.github/workflows/release-docker-github-actions.yaml
index 102e8f7639d..d1ab6448f4d 100644
--- a/.github/workflows/release-docker-github-actions.yaml
+++ b/.github/workflows/release-docker-github-actions.yaml
@@ -13,20 +13,20 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out the repo
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Check out the tag
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
ref: ${{ github.event.inputs.version }}
- name: Set up QEMU
- uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v2
+ uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v2
with:
image: tonistiigi/binfmt:latest
platforms: linux/amd64,linux/arm64
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+ uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
- name: Login to DockerHub
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
@@ -36,7 +36,7 @@ jobs:
run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV
- name: Docker meta
id: meta
- uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+ uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: "checkmarx/kics"
labels: |
@@ -52,7 +52,7 @@ jobs:
org.opencontainers.image.revision=${{ github.sha }}
org.opencontainers.image.created=${{ env.CREATED_AT }}
- name: Push Github Action Image to Docker Hub
- uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+ uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
id: build_gh_action
with:
context: .
@@ -66,11 +66,11 @@ jobs:
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
labels: ${{ steps.meta.outputs.labels }}
- name: Check out the repo
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Create Pull Request
- uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6
+ uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6
with:
title: "docs(kicsbot): update images digest"
token: ${{ secrets.KICS_BOT_PAT }}
diff --git a/.github/workflows/release-extract-info.yaml b/.github/workflows/release-extract-info.yaml
index 92ad3d2caaa..463fd6354f1 100644
--- a/.github/workflows/release-extract-info.yaml
+++ b/.github/workflows/release-extract-info.yaml
@@ -9,8 +9,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- - uses: actions/setup-python@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/setup-python@v5
with:
python-version: "3.x"
- name: Run test statistics script
diff --git a/.github/workflows/release-kics-cxone.yaml b/.github/workflows/release-kics-cxone.yaml
index 88222571f63..9312ac69497 100644
--- a/.github/workflows/release-kics-cxone.yaml
+++ b/.github/workflows/release-kics-cxone.yaml
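Review bot: The context line `DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}` that opens the second release-docker-github-actions.yaml hunk appears to be an entry of the build step's `build-args` (the key itself is above the hunk); build args are recorded in the image configuration history of every stage that declares the `ARG`, so if the final stage consumes it the value is recoverable from the published image with `docker history`. If the Dockerfile only reads it in an intermediate stage this is harmless but deserves a comment saying so; otherwise move it to build-push-action's secret mount, `secrets: |` / `descriptions_url=${{ secrets.DESCRIPTIONS_URL }}`, and read it in the Dockerfile with `RUN --mount=type=secret,id=descriptions_url`. The same line recurs as context in the release-nightly.yml hunk further down, so any fix applies there too.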
@@ -8,7 +8,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Set up Git credentials
run: |
diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml
index fc6adbccbd9..6a62a06f45e 100644
--- a/.github/workflows/release-nightly.yml
+++ b/.github/workflows/release-nightly.yml
@@ -13,7 +13,7 @@ jobs:
sha8: ${{ steps.shorthash.outputs.sha8 }}
steps:
- name: Checkout
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- name: Check if there are new commits since last nightly
@@ -28,7 +28,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
fetch-depth: 0
- uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2
@@ -53,7 +53,7 @@ jobs:
with:
go-version: 1.23.x
- name: Run GoReleaser
- uses: goreleaser/goreleaser-action@5742e2a039330cbb23ebf35f046f814d4c6ff811 # v5.1.0
+ uses: goreleaser/goreleaser-action@90a3faa9d0182683851fbfa97ca1a2cb983bfca3 # v6.2.1
with:
version: v0.160.0
args: release --rm-dist --snapshot --skip-validate --config="./release/.goreleaser-nightly.yml"
@@ -128,7 +128,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out the repo
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2
if: always()
with:
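Review bot: `goreleaser/goreleaser-action` jumps a major version (v5.1.0 → v6.2.1) in the release-nightly.yml hunk while the step still pins `version: v0.160.0` and passes `--rm-dist --skip-validate`; a major bump of the action is exactly where input names and defaults change, so confirm against the v6 release notes that `version` is still honoured as written and that the GoReleaser binary it installs still accepts those flags. A short comment on the step recording why the binary is held at v0.160.0 would help the next reader, e.g. `# GoReleaser pinned to v0.160.0: release config still uses --rm-dist/--skip-validate`. The step's remaining inputs and the job's `env:` (any signing or publishing tokens) are outside this hunk.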
@@ -147,12 +147,12 @@ jobs:
- name: View HEAD Commit
value: https://github.com/Checkmarx/kics/commit/${{ github.sha }}
- name: Set up QEMU
- uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v2
+ uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v2
with:
image: tonistiigi/binfmt:latest
platforms: linux/amd64,linux/arm64
- name: Set up Docker Buildx
- uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+ uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
- name: Login to DockerHub
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
with:
@@ -162,7 +162,7 @@ jobs:
run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV
- name: Docker meta
id: meta
- uses: docker/metadata-action@8e5442c4ef9f78752691e2d8f8d19755c6f78e81 # v5.5.1
+ uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
with:
images: "checkmarx/kics"
labels: |
@@ -179,7 +179,7 @@ jobs:
org.opencontainers.image.created=${{ env.CREATED_AT }}
- name: Push alpine to Docker Hub
id: build_alpine
- uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+ uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
with:
context: .
push: true
@@ -192,7 +192,7 @@ jobs:
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push debian to Docker Hub
id: build_debian
- uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+ uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
with:
context: .
file: ./docker/Dockerfile.debian
@@ -206,7 +206,7 @@ jobs:
labels: ${{ steps.meta.outputs.labels }}
- name: Build and push ubi8 to Docker Hub
id: build_ubi8
- uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
+ uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0
with:
context: .
file: ./docker/Dockerfile.ubi8
@@ -219,7 +219,7 @@ jobs:
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
labels: ${{ steps.meta.outputs.labels }}
- name: Create Pull Request
- uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6
+ uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6
with:
title: "docs(kicsbot): update images digest"
token: ${{ secrets.KICS_BOT_PAT }}
diff --git a/.github/workflows/sec-checks.yaml b/.github/workflows/sec-checks.yaml
index a066a014ca2..0fef213ffc5 100644
--- a/.github/workflows/sec-checks.yaml
+++ b/.github/workflows/sec-checks.yaml
@@ -10,9 +10,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Run Trivy vulnerability scanner in repo mode
- uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 #v 0.24.0
+ uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 #v 0.29.0
with:
scan-type: 'fs'
ignore-unfixed: true
@@ -27,7 +27,7 @@ jobs:
run: cat ./results.txt
- name: Upload artifact
if: always()
- uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0
+ uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
with:
name: trivy-fs-scan-results
path: ./results.txt
@@ -40,12 +40,12 @@ jobs: kics-docker: [ "Dockerfile" ] steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Build id: docker_build - uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: load: true context: ./ @@ -59,7 +59,7 @@ jobs: cache-from: type=local,src=/tmp/.buildx-cache cache-to: type=local,dest=/tmp/.buildx-cache - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 #v 0.24.0 + uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 #v 0.29.0 with: image-ref: kics:sec-trivy-tests-${{ github.sha }} ignore-unfixed: true @@ -75,7 +75,7 @@ jobs: run: cat ./results.txt - name: Upload artifact if: always() - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 with: name: trivy-docker-image-scan-results path: ./results.txt @@ -84,10 +84,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run Grype vulnerability scanner in repo mode id: grype-fs-scan - uses: anchore/scan-action@d43cc1dfea6a99ed123bf8f3133f1797c9b44492 # v4.1.0 + uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0 with: path: "." only-fixed: true 
@@ -103,14 +103,14 @@ jobs: kics-docker: [ "Dockerfile" ] steps: - name: Check out code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Set up Docker Buildx - uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0 + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0 - name: Build id: docker_build - uses: docker/build-push-action@1ca370b3a9802c92e886402e0dd88098a2533b12 # v6.4.1 + uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6.15.0 with: load: true context: ./ @@ -125,7 +125,7 @@ jobs: cache-to: type=local,dest=/tmp/.buildx-cache - name: Scan image id: grype-image-scan - uses: anchore/scan-action@d43cc1dfea6a99ed123bf8f3133f1797c9b44492 # v4.1.0 + uses: anchore/scan-action@7c05671ae9be166aeb155bad2d7df9121823df32 # v6.1.0 with: image: kics:sec-tests-${{ github.sha }} only-fixed: true @@ -137,7 +137,7 @@ jobs: name: govulncheck fs scan steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/setup-go@v5 with: go-version-file: go.mod @@ -152,7 +152,7 @@ jobs: run: cat ./results.txt - name: Upload artifact if: always() - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 with: name: govulncheck-fs-scan-results path: ./results.txt @@ -161,7 +161,7 @@ jobs: name: govulncheck binary scan steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - uses: actions/setup-go@v5 with: go-version-file: go.mod 
@@ -178,7 +178,7 @@ jobs: run: cat ./results.txt - name: Upload artifact if: always() - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 with: name: govulncheck-binary-scan-results path: ./results.txt @@ -189,7 +189,7 @@ jobs: cat binary_dependencies.txt - name: Upload artifact if: always() - uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 # v4.6.0 + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 with: name: binary-dependencies path: ./binary_dependencies.txt \ No newline at end of file diff --git a/.github/workflows/sonarcloud-scan-branch.yml b/.github/workflows/sonarcloud-scan-branch.yml index b11cded25dd..6306c2679d8 100644 --- a/.github/workflows/sonarcloud-scan-branch.yml +++ b/.github/workflows/sonarcloud-scan-branch.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out the repo - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ github.event.inputs.branch }} - name: SonarCloud Scan diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 8bae714aa67..4561a64ad12 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest if: github.repository == 'Checkmarx/kics' steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis - name: SonarCloud Scan diff --git a/.github/workflows/statistics.yaml b/.github/workflows/statistics.yaml index c55f4f08a59..6cd139801f9 100644 --- a/.github/workflows/statistics.yaml +++ b/.github/workflows/statistics.yaml 
@@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout Source - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Set up Go uses: actions/setup-go@v5 with: @@ -28,7 +28,7 @@ jobs: sudo apt-get install cloc GO_LOC=$(cloc . | grep Go | grep -Eo '[0-9]+$') echo "::set-output name=goloc::${GO_LOC}" - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.x" - name: Run test statistics script diff --git a/.github/workflows/update-docs-queries.yaml b/.github/workflows/update-docs-queries.yaml index d2b67739b0c..2f28ccb1f68 100644 --- a/.github/workflows/update-docs-queries.yaml +++ b/.github/workflows/update-docs-queries.yaml @@ -18,10 +18,10 @@ jobs: uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1 with: access_token: ${{ github.token }} - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.x" - name: Update docs @@ -39,7 +39,7 @@ jobs: --t .github/scripts/docs-generator/query-page-generator/templates/query-page-template.md \ --df - name: Create Pull Request - uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6 + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 with: title: "docs(queries): update queries catalog" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/update-docs-release.yaml b/.github/workflows/update-docs-release.yaml index 6d29839d747..c5d20efbbb6 100644 --- a/.github/workflows/update-docs-release.yaml +++ b/.github/workflows/update-docs-release.yaml 
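Review bot: `actions/setup-python@v5` is bumped as a mutable major tag, while every other action in the same hunk (`actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2`) is pinned to a commit SHA with the version in a trailing comment; a floating tag resolves to whatever the tag points at when the job runs, which bypasses the SHA-pinning convention the rest of the file follows. The same tag-only bump appears in update-docs-queries.yaml, update-docs-release.yaml, update-install-script.yaml, update_software_versions.yml, validate-cfn-samples.yml, validate-issues.yaml and validate-prs.yaml, and the surrounding `actions/setup-go@v5` / `actions/setup-node@v4` context lines have the same shape but are untouched by this commit. Pin it as `uses: actions/setup-python@<commit-sha-of-the-v5-release> # v5.x.y` (SHA and exact version taken from the action's release) so the version comment keeps being tracked by the grouped Dependabot updates. The `echo "::set-output ..."` line in the statistics.yaml hunk is unchanged context but uses a deprecated workflow command and could be migrated to `$GITHUB_OUTPUT` in a follow-up.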
@@ -16,7 +16,7 @@ jobs: with: access_token: ${{ github.token }} - name: Checkout project - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Get release version @@ -32,7 +32,7 @@ jobs: echo "curr tag ${{ steps.version.outputs.ctag }}" echo "prev ver ${{ steps.version.outputs.pversion }}" echo "curr ver ${{ steps.version.outputs.cversion }}" - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: 3.x - name: Install dependencies diff --git a/.github/workflows/update-infra-version.yaml b/.github/workflows/update-infra-version.yaml index 4c326723947..d5a2dd69083 100644 --- a/.github/workflows/update-infra-version.yaml +++ b/.github/workflows/update-infra-version.yaml @@ -12,7 +12,7 @@ jobs: if: "!github.event.release.prerelease" steps: - name: Checkout project - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Update Terraform Cloud Integration diff --git a/.github/workflows/update-install-script.yaml b/.github/workflows/update-install-script.yaml index 6cf07c15285..30a8e40f1bb 100644 --- a/.github/workflows/update-install-script.yaml +++ b/.github/workflows/update-install-script.yaml @@ -13,7 +13,7 @@ jobs: with: access_token: ${{ github.token }} - name: Checkout project - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - name: Get Godownloader @@ -30,7 +30,7 @@ jobs: && chmod +x godownloader \ && rm -vf $(basename "${FULL_URL}") \ && cd "${PROJDIR}" - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.x" - name: Install dependencies 
@@ -50,7 +50,7 @@ jobs: - name: Update install.sh run: ./.bin/godownloader --repo Checkmarx/kics <(echo ${{ steps.outputs.filter.goreleaser }}) > install.sh - name: Create Pull Request - uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6 + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 with: title: "chore(install): update install script" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/update_software_versions.yml b/.github/workflows/update_software_versions.yml index d2927911894..78cd016df59 100644 --- a/.github/workflows/update_software_versions.yml +++ b/.github/workflows/update_software_versions.yml @@ -7,10 +7,10 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout project - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: "3.x" - name: Run update_versions script @@ -25,7 +25,7 @@ jobs: *.json - name: Create pull request if: steps.verify-changed-files.outputs.files_changed == 'true' - uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6 + uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6 with: title: "build(deps): updating software versions" token: ${{ secrets.KICS_BOT_PAT }} diff --git a/.github/workflows/validate-ansible-samples.yml b/.github/workflows/validate-ansible-samples.yml index 731f06cc1b1..039abd9942d 100644 --- a/.github/workflows/validate-ansible-samples.yml +++ b/.github/workflows/validate-ansible-samples.yml @@ -11,7 +11,7 @@ jobs: lint-samples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: yaml-lint 
diff --git a/.github/workflows/validate-arm-samples.yaml b/.github/workflows/validate-arm-samples.yaml index 04e8572a4bd..b97cc29ad0e 100644 --- a/.github/workflows/validate-arm-samples.yaml +++ b/.github/workflows/validate-arm-samples.yaml @@ -9,7 +9,7 @@ jobs: lint-json-samples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - uses: actions/setup-node@v4 diff --git a/.github/workflows/validate-cfn-samples.yml b/.github/workflows/validate-cfn-samples.yml index 1fb389993d1..0a57f76a190 100644 --- a/.github/workflows/validate-cfn-samples.yml +++ b/.github/workflows/validate-cfn-samples.yml @@ -11,10 +11,10 @@ jobs: validate-cfn-syntax: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - - uses: actions/setup-python@v4 + - uses: actions/setup-python@v5 with: python-version: '3.x' - name: Get commit changed files diff --git a/.github/workflows/validate-dkr-samples.yml b/.github/workflows/validate-dkr-samples.yml index 9fc0ec9fa4d..fe233ce9578 100644 --- a/.github/workflows/validate-dkr-samples.yml +++ b/.github/workflows/validate-dkr-samples.yml @@ -9,7 +9,7 @@ jobs: validate-dockerfile-syntax: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Get Hadolint diff --git a/.github/workflows/validate-issues.yaml b/.github/workflows/validate-issues.yaml index 1009b33e03e..91f3a506ec8 100644 --- a/.github/workflows/validate-issues.yaml +++ b/.github/workflows/validate-issues.yaml 
@@ -10,7 +10,7 @@ jobs: TITLE: ${{ github.event.issue.title }} steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false sparse-checkout: | @@ -18,7 +18,7 @@ jobs: .github/scripts/pr-issue-info/get_title_types.py .github/issue-title-types.yaml - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: "3.x" - name: Install dependencies @@ -42,7 +42,7 @@ jobs: fi - name: Delete comment if title is fixed if: env.TAG_EXISTS == 'true' - uses: thollander/actions-comment-pull-request@b07c7f86be67002023e6cb13f57df3f21cdd3411 + uses: thollander/actions-comment-pull-request@e4a76dd2b0a3c2027c3fd84147a67c22ee4c90fa with: message: | Deleting comment, please refresh the page... @@ -51,7 +51,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.KICS_BOT_PAT }} - name: Add comment if title fails if: env.TITLE_CHECK_FAILED == 'true' - uses: thollander/actions-comment-pull-request@b07c7f86be67002023e6cb13f57df3f21cdd3411 + uses: thollander/actions-comment-pull-request@e4a76dd2b0a3c2027c3fd84147a67c22ee4c90fa with: filePath: .github/scripts/pr-issue-info/issue-fail.md comment_tag: title_check @@ -69,7 +69,7 @@ jobs: TITLE: ${{ github.event.issue.title }} steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false sparse-checkout: | @@ -138,7 +138,7 @@ jobs: fi fi - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: "3.x" - name: Install dependencies diff --git a/.github/workflows/validate-k8s-samples.yml b/.github/workflows/validate-k8s-samples.yml index fa50679aab3..68901309a7c 100644 --- a/.github/workflows/validate-k8s-samples.yml +++ b/.github/workflows/validate-k8s-samples.yml 
@@ -10,7 +10,7 @@ jobs: validate-k8s-manifests: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Get Kubeval diff --git a/.github/workflows/validate-openapi-samples.yaml b/.github/workflows/validate-openapi-samples.yaml index 1ea95ee78df..e6c68a0d0d8 100644 --- a/.github/workflows/validate-openapi-samples.yaml +++ b/.github/workflows/validate-openapi-samples.yaml @@ -10,7 +10,7 @@ jobs: lint-yaml-samples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: yaml-lint @@ -22,7 +22,7 @@ jobs: lint-json-samples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - uses: actions/setup-node@v4 diff --git a/.github/workflows/validate-prs.yaml b/.github/workflows/validate-prs.yaml index 670b431baec..9d1250e390c 100644 --- a/.github/workflows/validate-prs.yaml +++ b/.github/workflows/validate-prs.yaml @@ -12,7 +12,7 @@ jobs: TITLE: ${{ github.event.pull_request.title }} steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false sparse-checkout: | @@ -22,7 +22,7 @@ jobs: - name: Print PR Title run: echo "$TITLE" - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: "3.x" - name: Install dependencies 
@@ -46,7 +46,7 @@ jobs: fi - name: Delete comment if title is fixed if: env.TAG_EXISTS == 'true' - uses: thollander/actions-comment-pull-request@b07c7f86be67002023e6cb13f57df3f21cdd3411 + uses: thollander/actions-comment-pull-request@e4a76dd2b0a3c2027c3fd84147a67c22ee4c90fa with: message: | Deleting comment, please refresh the page... @@ -55,7 +55,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.KICS_BOT_PAT }} - name: Add comment if title fails if: env.TITLE_CHECK_FAILED == 'true' - uses: thollander/actions-comment-pull-request@b07c7f86be67002023e6cb13f57df3f21cdd3411 + uses: thollander/actions-comment-pull-request@e4a76dd2b0a3c2027c3fd84147a67c22ee4c90fa with: filePath: .github/scripts/pr-issue-info/title-fail.md comment_tag: title_check @@ -73,7 +73,7 @@ jobs: TITLE: ${{ github.event.pull_request.title }} steps: - name: Checkout code - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false sparse-checkout: | @@ -153,7 +153,7 @@ jobs: fi fi - name: Set up Python - uses: actions/setup-python@v4 + uses: actions/setup-python@v5 with: python-version: "3.x" - name: Install dependencies diff --git a/.github/workflows/validate-queries-metadata.yml b/.github/workflows/validate-queries-metadata.yml index 7f7256a11fa..9326728de38 100644 --- a/.github/workflows/validate-queries-metadata.yml +++ b/.github/workflows/validate-queries-metadata.yml @@ -9,7 +9,7 @@ jobs: validate-metadata: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Run queries metadata validation script diff --git a/.github/workflows/validate-tf-samples.yml b/.github/workflows/validate-tf-samples.yml index fe24220ef65..f5d6119a575 100644 --- a/.github/workflows/validate-tf-samples.yml 
+++ b/.github/workflows/validate-tf-samples.yml @@ -9,7 +9,7 @@ jobs: lint-samples: runs-on: ubuntu-latest steps: - - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false - name: Get tflint diff --git a/Dockerfile b/Dockerfile index 735451c44a6..7e9c4830ec7 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM checkmarx/go:1.23.5-r1@sha256:c7ad1d8f075e123f4b477bbe364b9c793b2d2c6cdbd299f4900e7e473913a1fa AS build_env +FROM checkmarx/go:1.24.1-r1@sha256:a0f7f8ef7a91ad096198f3f21e540c06041d13ad3c2423bb5ba842c8d929b672 AS build_env # Copy the source from the current directory to the Working Directory inside the container WORKDIR /app @@ -21,7 +21,7 @@ RUN go mod download -x COPY . . # Build the Go app -RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build \ +RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build \ -ldflags "-s -w -X github.com/Checkmarx/kics/v2/internal/constants.Version=${VERSION} -X github.com/Checkmarx/kics/v2/internal/constants.SCMCommit=${COMMIT} -X github.com/Checkmarx/kics/v2/internal/constants.SentryDSN=${SENTRY_DSN} -X github.com/Checkmarx/kics/v2/internal/constants.BaseURL=${DESCRIPTIONS_URL}" \ -a -installsuffix cgo \ -o bin/kics cmd/console/main.go @@ -29,7 +29,7 @@ RUN GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build \ # Runtime image # Ignore no User Cmd since KICS container is stopped afer scan # kics-scan ignore-line -FROM checkmarx/git:2.47.0-r0@sha256:b80cefbc536108e0e8e4305f01fd76445533133f3e2d1fedc4cb64754e915a14 +FROM checkmarx/git:2.47.0-r0@sha256:1563b3daa0a20bc53c0dbf7ab0b2cf0d3ab9db9a336ac3c2d174e8f7e4644db3 ENV TERM xterm-256color @@ -49,4 +49,4 @@ USER root ENV PATH $PATH:/app/bin # Command to run the executable -ENTRYPOINT ["/app/bin/kics"] \ No newline at end of file +ENTRYPOINT ["/app/bin/kics"] 
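Review bot: With `CGO_ENABLED=0` now set on the `go build` line in the `@@ -21,7 +21,7 @@` hunk, the unchanged `-a -installsuffix cgo` on the following line is a leftover from the cgo-enabled build: `-installsuffix` only alters the package install directory suffix, which has no effect on a static, cgo-free module build, and `-a` forces a full rebuild of every dependency on each image build. Consider trimming the command to `RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build \` followed directly by the existing `-ldflags` line and `-o bin/kics cmd/console/main.go`. The build image moves to Go 1.24.1 while the module's go.mod is not part of this diff, so confirm its `go` directive is compatible with the new toolchain. The `checkmarx/git:2.47.0-r0` runtime image keeps its tag but changes digest; a short comment such as `# digest refreshed for rebuilt base image` would tell future readers why the digest moved without a version change.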
diff --git a/assets/queries/cloudFormation/aws/access_key_not_rotated_within_90_days/metadata.json b/assets/queries/cloudFormation/aws/access_key_not_rotated_within_90_days/metadata.json index 94c51fdb33d..736cce650aa 100644 --- a/assets/queries/cloudFormation/aws/access_key_not_rotated_within_90_days/metadata.json +++ b/assets/queries/cloudFormation/aws/access_key_not_rotated_within_90_days/metadata.json @@ -4,9 +4,9 @@ "severity": "MEDIUM", "category": "Secret Management", "descriptionText": "ConfigRule should enforce access keys to be rotated within 90 days.", - "descriptionUrl": "https://docs.amazonaws.cn/en_us/config/latest/developerguide/access-keys-rotated.html", + "descriptionUrl": "https://docs.aws.amazon.com/en_us/config/latest/developerguide/access-keys-rotated.html", "platform": "CloudFormation", "descriptionID": "148d40cb", "cloudProvider": "aws", "cwe": "522" -} \ No newline at end of file +} diff --git a/assets/queries/cloudFormation/aws/iam_access_analyzer_not_enabled/metadata.json b/assets/queries/cloudFormation/aws/iam_access_analyzer_not_enabled/metadata.json index 5a6489730a9..2c9a0b5c523 100644 --- a/assets/queries/cloudFormation/aws/iam_access_analyzer_not_enabled/metadata.json +++ b/assets/queries/cloudFormation/aws/iam_access_analyzer_not_enabled/metadata.json @@ -4,9 +4,9 @@ "severity": "LOW", "category": "Best Practices", "descriptionText": "IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions", - "descriptionUrl": "https://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html", + "descriptionUrl": "https://docs.aws.amazon.com/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html", "platform": "CloudFormation", "descriptionID": "24a6978e", "cloudProvider": "aws", "cwe": "778" -} \ No newline at end of file +} 
diff --git a/assets/queries/common/passwords_and_secrets/regex_rules.json b/assets/queries/common/passwords_and_secrets/regex_rules.json index 8f9f52a297e..5fb6bf2d971 100644 --- a/assets/queries/common/passwords_and_secrets/regex_rules.json +++ b/assets/queries/common/passwords_and_secrets/regex_rules.json @@ -16,6 +16,14 @@ { "description": "Avoiding Ansible playbook update_password", "regex": "['\"]?update_password['\"]?\\s*[:=]\\s*['\"]?([A-Za-z0-9/~^_!@&%()=?*+-.]{4,})['\"]?" + }, + { + "description": "Allow passwords retrieved from Terraform data sources", + "regex": "(?i)['\"]?password['\"]?\\s*=\\s*data\\.azurerm_key_vault_secret\\.[A-Za-z0-9_]+\\.value" + }, + { + "description": "Allow passwords retrieved from AWS KMS Secrets", + "regex": "(?i)['\"]?password['\"]?\\s*=\\s*data\\.aws_kms_secrets\\.[A-Za-z0-9_]+\\.plaintext\\[\"[A-Za-z0-9_]+\"\\]" } ], "specialMask": "(?i)['\"]?password['\"]?\\s*[:=]\\s*" diff --git a/assets/queries/common/passwords_and_secrets/test/negative47.tf b/assets/queries/common/passwords_and_secrets/test/negative47.tf new file mode 100644 index 00000000000..8647a01ff60 --- /dev/null +++ b/assets/queries/common/passwords_and_secrets/test/negative47.tf 
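Review bot: The description of the first new rule, `Allow passwords retrieved from Terraform data sources`, is broader than its regex, which only matches `data.azurerm_key_vault_secret.<name>.value`; since these entries appear to be exclusions from the secret detector (the neighbouring "Avoiding…" rule and the new negative fixtures suggest so), the description should state exactly what is exempted, e.g. `Allow passwords retrieved from Azure Key Vault secret data sources`. Both rules use a bare `=` instead of the `[:=]` of the surrounding rules, which is right for HCL assignments but narrows them to Terraform; saying "Terraform" in the second description as well (`Allow passwords retrieved from Terraform aws_kms_secrets data sources`) makes that scope explicit. The `[A-Za-z0-9_]+` name class does not admit hyphens and the second rule only accepts the `plaintext["key"]` index form, not attribute-style map access, so such references would still be reported; that errs toward false positives rather than misses, which is the safe direction for an allow list, but it is worth recording as intended.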
@@ -0,0 +1,44 @@ +provider "azurerm" { + features {} +} + +# Example of using an existing Key Vault and secret +data "azurerm_key_vault" "example" { + name = "your-key-vault-name" + resource_group_name = "your-resource-group" +} + +data "azurerm_key_vault_secret" "LinuxVmPassword" { + name = "your-secret-name" + key_vault_id = data.azurerm_key_vault.example.id +} + +resource "azurerm_linux_virtual_machine" "example_vm" { + name = "example-vm" + resource_group_name = "your-resource-group" + location = "your-location" + size = "Standard_DS1_v2" + admin_username = "adminuser" + admin_password = data.azurerm_key_vault_secret.LinuxVmPassword.value + + network_interface_ids = [ + # Your network interface ID + ] + + os_disk { + caching = "ReadWrite" + storage_account_type = "Standard_LRS" + } + + source_image_reference { + publisher = "Canonical" + offer = "UbuntuServer" + sku = "18.04-LTS" + version = "latest" + } +} + +output "vm_password" { + value = data.azurerm_key_vault_secret.LinuxVmPassword.value + sensitive = true +} diff --git a/assets/queries/common/passwords_and_secrets/test/negative48.tf b/assets/queries/common/passwords_and_secrets/test/negative48.tf new file mode 100644 index 00000000000..85e9a2c0f38 --- /dev/null +++ b/assets/queries/common/passwords_and_secrets/test/negative48.tf 
@@ -0,0 +1,17 @@ +data "template_file" "sci_integration_app_properties_secret_template" { + template = file(join("", ["/secrets/sci-integration-app", var.resource_identifier_shorthand], ".json")) + + vars = { + ayreshirerarran_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["ayreshirerarran_password"] + lanark_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["lanark_password"] + tayside_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["tayside_password"] + glasgow_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["glasgow_password"] + grampian_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["grampian_password"] + highland_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["highland_password"] + westernisles_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["westernisles_password"] + dumfriesandgalloway_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["dumfriesandgalloway_password"] + forthvalley_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["forthvalley_password"] + borders_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["borders_password"] + lothian_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["lothian_password"] + } +} diff --git a/assets/queries/common/passwords_and_secrets/test/positive46.yaml b/assets/queries/common/passwords_and_secrets/test/positive46.yaml index 2f204271bb0..a45774ac9a0 100644 --- a/assets/queries/common/passwords_and_secrets/test/positive46.yaml +++ b/assets/queries/common/passwords_and_secrets/test/positive46.yaml @@ -17,4 +17,5 @@ services: - "5432:5432" environment: - POSTGRES_USER=postgres - - POSTGRES_PASSWORD=postgres \ No newline at end of file + - POSTGRES_PASSWORD=postgres + - POSTGRES_PASSWORD=string 
diff --git a/assets/queries/common/passwords_and_secrets/test/positive_expected_result.json b/assets/queries/common/passwords_and_secrets/test/positive_expected_result.json index 6f9b4c07baf..791f3fdacb7 100644 --- a/assets/queries/common/passwords_and_secrets/test/positive_expected_result.json +++ b/assets/queries/common/passwords_and_secrets/test/positive_expected_result.json @@ -383,6 +383,12 @@ "line": 20, "fileName": "positive46.yaml" }, + { + "queryName": "Passwords And Secrets - Generic Password", + "severity": "HIGH", + "line": 21, + "fileName": "positive46.yaml" + }, { "queryName": "Passwords And Secrets - Google OAuth", "severity": "HIGH", diff --git a/assets/queries/openAPI/2.0/invalid_media_type_value/metadata.json b/assets/queries/openAPI/2.0/invalid_media_type_value/metadata.json index 8ed328d4b30..9e01c890b4c 100644 --- a/assets/queries/openAPI/2.0/invalid_media_type_value/metadata.json +++ b/assets/queries/openAPI/2.0/invalid_media_type_value/metadata.json @@ -3,10 +3,10 @@ "queryName": "Invalid Media Type Value (v2)", "severity": "INFO", "category": "Best Practices", - "descriptionText": "The Media Type value should match the following format: /[+suffix][;parameters]", + "descriptionText": "The Media Type value should match the following format: `/[+suffix][;parameters]`", "descriptionUrl": "https://swagger.io/specification/#media-type-object", "platform": "OpenAPI", "descriptionID": "bde04b9d", "cloudProvider": "common", "cwe": "710" -} \ No newline at end of file +} diff --git a/assets/queries/openAPI/3.0/invalid_media_type_value/metadata.json b/assets/queries/openAPI/3.0/invalid_media_type_value/metadata.json index 6d95759cfc5..75b95dc0432 100644 --- a/assets/queries/openAPI/3.0/invalid_media_type_value/metadata.json +++ b/assets/queries/openAPI/3.0/invalid_media_type_value/metadata.json 
@@ -3,10 +3,10 @@ "queryName": "Invalid Media Type Value (v3)", "severity": "INFO", "category": "Best Practices", - "descriptionText": "The Media Type value should match the following format: /[+suffix][;parameters]", + "descriptionText": "The Media Type value should match the following format: `/[+suffix][;parameters]`", "descriptionUrl": "https://swagger.io/specification/#media-type-object", "platform": "OpenAPI", "descriptionID": "6d641994", "cloudProvider": "common", "cwe": "710" -} \ No newline at end of file +} diff --git a/assets/queries/openAPI/3.0/invalid_media_type_value/query.rego b/assets/queries/openAPI/3.0/invalid_media_type_value/query.rego index ddda8ef1c3b..dd7cb17f9bf 100644 --- a/assets/queries/openAPI/3.0/invalid_media_type_value/query.rego +++ b/assets/queries/openAPI/3.0/invalid_media_type_value/query.rego @@ -4,18 +4,20 @@ import data.generic.openapi as openapi_lib CxPolicy[result] { doc := input.document[i] - openapi_lib.check_openapi(doc) == "3.0" + openapi_lib.check_openapi(doc) == "3.0" - [path, value] := walk(doc) - content = value.content[mime] + [path, value] := walk(doc) + content = value.content[mime] - not openapi_lib.is_valid_mime(mime) + # Ensure "content" inside "properties" is treated as a field name, not an OpenAPI content spec. + not path[count(path) - 1] == "properties" + not openapi_lib.is_valid_mime(mime) - result := { - "documentId": doc.id, - "searchKey": sprintf("%s.content.%s", [openapi_lib.concat_path(path), mime]), - "issueType": "IncorrectValue", - "keyExpectedValue": "The Media Type should be a valid value", - "keyActualValue": "The Media Type is a invalid value", - } + result := { + "documentId": doc.id, + "searchKey": sprintf("%s.content.%s", [openapi_lib.concat_path(path), mime]), + "issueType": "IncorrectValue", + "keyExpectedValue": "The Media Type should be a valid value", + "keyActualValue": "The Media Type is an invalid value", + } } 
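Review bot: The new guard `not path[count(path) - 1] == "properties"` exempts only a `content` key whose immediate parent is `properties`; because `walk(doc)` visits every node, a key named `content` inside an `example`/`examples` value or under `additionalProperties` would still be matched by `value.content[mime]` and reported, so either extend the guard or state the limitation in the comment. The comment itself would be clearer as `# A "content" key directly under "properties" is a schema property name, not a Media Type map; skip it.`. The whole rule body is re-indented in the same hunk, which hides the two-line logical change; a formatting-only commit beforehand would keep this diff reviewable. `keyActualValue` changes from `a invalid` to `an invalid`, a user-visible string; any expected-result fixture that compares it needs the same update, and none is in this diff.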
diff --git a/assets/queries/openAPI/3.0/invalid_media_type_value/test/negative3.yaml b/assets/queries/openAPI/3.0/invalid_media_type_value/test/negative3.yaml new file mode 100644 index 00000000000..0a5e6d1204c --- /dev/null +++ b/assets/queries/openAPI/3.0/invalid_media_type_value/test/negative3.yaml @@ -0,0 +1,68 @@ +openapi: 3.0.0 +info: + title: Pet Store API + version: 1.0.0 +servers: + - url: https://api.example.com/v1 +paths: + /pets: + get: + summary: Get a list of pets + responses: + '200': + description: Successful response + content: + application/json: + example: { "pets": ["dog", "cat"] } + post: + summary: Add a new pet + requestBody: + content: + application/json: + schema: + type: object + properties: + name: + type: string + example: "Fido" + pattern: "^[A-Za-z]{1,20}$" + species: + type: string + example: "dog" + color: + type: string + enum: + - brown + - grey + - black + - white + birthDate: + type: string + format: date + weight: + type: integer + format: int32 + someSubType: + type: 'object' + properties: + content: + type: string + responses: + '201': + description: Pet added successfully + /pets/{petId}: + get: + summary: Get details of a specific pet + parameters: + - name: petId + in: path + required: true + schema: + type: integer + format: int64 + responses: + '200': + description: Successful response + content: + application/json: + example: { "name": "Fido", "species": "dog" } diff --git a/assets/queries/openAPI/3.0/invalid_media_type_value/test/negative4.json b/assets/queries/openAPI/3.0/invalid_media_type_value/test/negative4.json new file mode 100644 index 00000000000..177bba418e6 --- /dev/null +++ b/assets/queries/openAPI/3.0/invalid_media_type_value/test/negative4.json 
@@ -0,0 +1,108 @@ +{ + "openapi": "3.0.0", + "info": { + "title": "Pet Store API", + "version": "1.0.0" + }, + "servers": [ + { + "url": "https://api.example.com/v1" + } + ], + "paths": { + "/pets": { + "get": { + "summary": "Get a list of pets", + "responses": { + "200": { + "description": "Successful response", + "content": { + "application/json": { + "example": { "pets": ["dog", "cat"] } + } + } + } + } + }, + "post": { + "summary": "Add a new pet", + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "name": { + "type": "string", + "example": "Fido", + "pattern": "^[A-Za-z]{1,20}$" + }, + "species": { + "type": "string", + "example": "dog" + }, + "color": { + "type": "string", + "enum": [ + "brown", + "grey", + "black", + "white" + ] + }, + "birthDate": { + "type": "string", + "format": "date" + }, + "weight": { + "type": "integer", + "format": "int32" + }, + "someSubType": { + "type": "object", + "properties": { + "content": { + "type": "string" + } + } + } + } + } + } + } + }, + "responses": { + "201": { + "description": "Pet added successfully" + } + } + } + }, + "/pets/{petId}": { + "get": { + "summary": "Get details of a specific pet", + "parameters": [ + { + "name": "petId", + "in": "path", + "required": true, + "schema": { + "type": "integer", + "format": "int64" + } + } + ], + "responses": { + "200": { + "description": "Successful response", + "content": { + "application/json": { + "example": { "name": "Fido", "species": "dog" } + } + } + } + } + } + } + } +} diff --git a/assets/queries/openAPI/3.0/invalid_media_type_value/test/negative5.yaml b/assets/queries/openAPI/3.0/invalid_media_type_value/test/negative5.yaml new file mode 100644 index 00000000000..a64143bdbc7 --- /dev/null +++ b/assets/queries/openAPI/3.0/invalid_media_type_value/test/negative5.yaml 
@@ -0,0 +1,76 @@ +openapi: 3.0.0 +info: + title: Pet Store API + version: 1.0.0 +servers: + - url: https://api.example.com/v1 +paths: + /pets: + get: + summary: Get a list of pets + responses: + '200': + description: Successful response + content: + application/json: + example: { "pets": ["dog", "cat"] } + post: + summary: Add a new pet + requestBody: + content: + application/json: + schema: + type: object + properties: + name: + type: string + example: "Fido" + pattern: "^[A-Za-z]{1,20}$" + species: + type: string + example: "dog" + color: + type: string + enum: + - brown + - grey + - black + - white + birthDate: + type: string + format: date + weight: + type: integer + format: int32 + someSubType: + type: 'object' + properties: + content: + type: 'object' + properties: + content: + type: object + properties: + key1: + type: string + key2: + type: integer + responses: + '201': + description: Pet added successfully + /pets/{petId}: + get: + summary: Get details of a specific pet + parameters: + - name: petId + in: path + required: true + schema: + type: integer + format: int64 + responses: + '200': + description: Successful response + content: + application/json: + example: { "name": "Fido", "species": "dog" } diff --git a/assets/queries/openAPI/3.0/invalid_media_type_value/test/negative6.json b/assets/queries/openAPI/3.0/invalid_media_type_value/test/negative6.json new file mode 100644 index 00000000000..9a9dc9cc1d5 --- /dev/null +++ b/assets/queries/openAPI/3.0/invalid_media_type_value/test/negative6.json 
@@ -0,0 +1,116 @@ +{ + "openapi": "3.0.0", + "info": { + "title": "Pet Store API", + "version": "1.0.0" + }, + "servers": [ + { + "url": "https://api.example.com/v1" + } + ], + "paths": { + "/pets": { + "get": { + "summary": "Get a list of pets", + "responses": { + "200": { + "description": "Successful response", + "content": { + "application/json": { + "example": { "pets": ["dog", "cat"] } + } + } + } + } + }, + "post": { + "summary": "Add a new pet", + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "name": { + "type": "string", + "example": "Fido", + "pattern": "^[A-Za-z]{1,20}$" + }, + "species": { + "type": "string", + "example": "dog" + }, + "color": { + "type": "string", + "enum": ["brown", "grey", "black", "white"] + }, + "birthDate": { + "type": "string", + "format": "date" + }, + "weight": { + "type": "integer", + "format": "int32" + }, + "someSubType": { + "type": "object", + "properties": { + "content": { + "type": "object", + "properties": { + "content": { + "type": "object", + "properties": { + "key1": { + "type": "string" + }, + "key2": { + "type": "integer" + } + } + } + } + } + } + } + } + } + } + } + }, + "responses": { + "201": { + "description": "Pet added successfully" + } + } + } + }, + "/pets/{petId}": { + "get": { + "summary": "Get details of a specific pet", + "parameters": [ + { + "name": "petId", + "in": "path", + "required": true, + "schema": { + "type": "integer", + "format": "int64" + } + } + ], + "responses": { + "200": { + "description": "Successful response", + "content": { + "application/json": { + "example": { "name": "Fido", "species": "dog" } + } + } + } + } + } + } + } +} diff --git a/docker/Dockerfile.debian b/docker/Dockerfile.debian index 2d26964bfaf..d48e7e92e6c 100644 --- a/docker/Dockerfile.debian +++ b/docker/Dockerfile.debian 
@@ -3,7 +3,7 @@ # it does not define an ENTRYPOINT as this is a requirement described here: # https://docs.microsoft.com/en-us/azure/devops/pipelines/process/container-phases?view=azure-devops#linux-based-containers # -FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.23.5-bookworm as build_env +FROM --platform=${BUILDPLATFORM:-linux/amd64} golang:1.23.6-bookworm as build_env # Create a group and user RUN groupadd checkmarx && useradd -g checkmarx -M -s /bin/bash checkmarx USER checkmarx diff --git a/docker/Dockerfile.ubi8 b/docker/Dockerfile.ubi8 index 2da3837a0ec..bbbfe46190a 100644 --- a/docker/Dockerfile.ubi8 +++ b/docker/Dockerfile.ubi8 @@ -4,10 +4,10 @@ WORKDIR /build ENV PATH=$PATH:/usr/local/go/bin -ADD https://golang.org/dl/go1.23.5.linux-amd64.tar.gz . +ADD https://golang.org/dl/go1.23.6.linux-amd64.tar.gz . RUN yum install git gcc -y \ - && rm -rf /usr/local/go && tar -C /usr/local -xzf go1.23.5.linux-amd64.tar.gz \ - && rm -f go1.23.5.linux-amd64.tar.gz + && rm -rf /usr/local/go && tar -C /usr/local -xzf go1.23.6.linux-amd64.tar.gz \ + && rm -f go1.23.6.linux-amd64.tar.gz ENV GOPRIVATE=github.com/Checkmarx/* ARG VERSION="development" @@ -44,7 +44,7 @@ LABEL name="KICS" \ description="Checkmarx/kics is an opensource project that enable you to find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code find more in https://kics.io" \ maintainer="kics@checkmarx.com" \ vendor="Checkmarx" \ - version="v2.1.5" \ + version="v2.1.6" \ release="1" \ io.k8s.display-name="KICS by Checkmarx" \ io.openshift.tags="kics checkmarx" diff --git a/docs/index.md b/docs/index.md index 29cd7b41aed..92ea66d138f 100644 --- a/docs/index.md +++ b/docs/index.md @@ -11,8 +11,8 @@
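Review bot: The bumped `ADD https://golang.org/dl/go1.23.6.linux-amd64.tar.gz .` in the Dockerfile.ubi8 hunk still fetches the toolchain with no integrity check, so the build trusts whatever the download endpoint returns at build time. With the Dockerfile frontend 1.6 or newer the line can pin the published digest, `ADD --checksum=sha256:<sha256 of go1.23.6.linux-amd64.tar.gz from the Go download page> https://golang.org/dl/go1.23.6.linux-amd64.tar.gz .`, or the following RUN step can run `sha256sum -c` against a checked-in value before `tar -C /usr/local -xzf`. The `golang:1.23.6-bookworm` base image in the Dockerfile.debian hunk on this same line has the same property, since a tag is mutable; pinning `golang:1.23.6-bookworm@sha256:<image digest>` keeps the tag readable while making the build reproducible. Either pin then has to be updated explicitly on each Go bump, which is the point.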



-

Version 2.1.5

-

2025.02.05

+

Version 2.1.6

+

2025.03.17

Contribute!

diff --git a/docs/platforms.md b/docs/platforms.md index 74b8429ea54..57bbbe576ae 100644 --- a/docs/platforms.md +++ b/docs/platforms.md @@ -30,6 +30,20 @@ Note that KICS recognizes this technology as Azure Resource Manager (for queries Explore our ongoing enhancements and planned features on our [Future Improvements](future_improvements.md) page. +## Buildah + +KICS supports scanning Buildah container build scripts with a .sh extension. + +Currently, KICS offers one query for this platform, but the goal is to expand its capabilities to scan for potential misconfigurations, security vulnerabilities and best practice violations in Buildah scripts. + +## CICD + +KICS supports scanning GitHub Workflows CICD files with `.yaml` or `.yml` extension. + +## CloudFormation + +KICS supports scanning CloudFormation templates with `.json` or `.yaml` extension. + ## CDK [AWS Cloud Development Kit](https://docs.aws.amazon.com/cdk/latest/guide/home.html) is a software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. @@ -68,14 +82,6 @@ cdk synth > cfn-stack.yaml docker run -t -v $PWD/cfn-stack.yaml:/path/cfn-stack.yaml -it checkmarx/kics:latest scan -p /path/cfn-stack.yaml ``` -## CICD - -KICS supports scanning Github Workflows CICD files with `.yaml` or `.yml` extension. - -## CloudFormation - -KICS supports scanning CloudFormation templates with `.json` or `.yaml` extension. - ## Crossplane KICS supports scanning Crossplane manifests with `.yaml` extension. @@ -122,6 +128,7 @@ Platform: Kubernetes ## Knative KICS supports scanning Knative manifests with `.yaml` extension. + Due to the possibility of the definition of the [PodSpec and PodTemplate](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#podspec-v1-core) in Knative files, Kubernetes Security Queries are also loaded once the presence of the Knative files is detected. ## Kubernetes 
@@ -139,8 +146,8 @@ KICS supports scanning Pulumi manifests with `.yaml` extension. ## ServerlessFW KICS supports scanning Serverless manifests with `.yml` extension. -Due to the possibility of the definition of the CloudFormation template, inside `Serverless.yml`, CloudFormation Security Queries are also loaded once the presence of the ServerlessFW files is detected. +Due to the possibility of the definition of the CloudFormation template, inside `Serverless.yml`, CloudFormation Security Queries are also loaded once the presence of the ServerlessFW files is detected. ## Google Deployment Manager diff --git a/docs/queries/all-queries.md b/docs/queries/all-queries.md index d5745dc634f..1a528474dda 100644 --- a/docs/queries/all-queries.md +++ b/docs/queries/all-queries.md @@ -460,7 +460,7 @@ This page contains all queries. |S3 Bucket CloudTrail Logging Disabled
c3ce69fd-e3df-49c6-be78-1db3f802261c|CloudFormation|Medium|Observability|Query details
Documentation
| |S3 Bucket Logging Disabled
4552b71f-0a2a-4bc4-92dd-ed7ec1b4674c|CloudFormation|Medium|Observability|Query details
Documentation
| |VPC FlowLogs Disabled
f6d299d2-21eb-41cc-b1e1-fe12d857500b|CloudFormation|Medium|Observability|Query details
Documentation
| -|High Access Key Rotation Period
800fa019-49dd-421b-9042-7331fdd83fa2|CloudFormation|Medium|Secret Management|Query details
Documentation
| +|High Access Key Rotation Period
800fa019-49dd-421b-9042-7331fdd83fa2|CloudFormation|Medium|Secret Management|Query details
Documentation
| |IAM User With No Group
06933df4-0ea7-461c-b9b5-104d27390e0e|CloudFormation|Low|Access Control|Query details
Documentation
| |Support Has No Role Associated
d71b5fd7-9020-4b2d-9ec8-b3839faa2744|CloudFormation|Low|Access Control|Query details
Documentation
| |EBS Volume Not Attached To Instances
1819ac03-542b-4026-976b-f37addd59f3b|CloudFormation|Low|Availability|Query details
Documentation
| @@ -472,7 +472,7 @@ This page contains all queries. |CDN Configuration Is Missing
e4f54ff4-d352-40e8-a096-5141073c37a2|CloudFormation|Low|Best Practices|Query details
Documentation
| |Cognito UserPool Without MFA
74a18d1a-cf02-4a31-8791-ed0967ad7fdc|CloudFormation|Low|Best Practices|Query details
Documentation
| |Geo Restriction Disabled
7f8843f0-9ea5-42b4-a02b-753055113195|CloudFormation|Low|Best Practices|Query details
Documentation
| -|IAM Access Analyzer Not Enabled
8d29754a-2a18-460d-a1ba-9509f8d359da|CloudFormation|Low|Best Practices|Query details
Documentation
| +|IAM Access Analyzer Not Enabled
8d29754a-2a18-460d-a1ba-9509f8d359da|CloudFormation|Low|Best Practices|Query details
Documentation
| |IAM Password Without Minimum Length
b1b20ae3-8fa7-4af5-a74d-a2145920fcb1|CloudFormation|Low|Best Practices|Query details
Documentation
| |IAM Policies Without Groups
5e7acff5-095b-40ac-9073-ac2e4ad8a512|CloudFormation|Low|Best Practices|Query details
Documentation
| |Lambda Permission Misconfigured
9b83114b-b2a1-4534-990d-06da015e47aa|CloudFormation|Low|Best Practices|Query details
Documentation
| diff --git a/docs/queries/cloudformation-queries.md b/docs/queries/cloudformation-queries.md index f743d743ee6..b6f4624a739 100644 --- a/docs/queries/cloudformation-queries.md +++ b/docs/queries/cloudformation-queries.md @@ -194,7 +194,7 @@ Below are listed queries related to CloudFormation AWS: |S3 Bucket CloudTrail Logging Disabled
c3ce69fd-e3df-49c6-be78-1db3f802261c|Medium|Observability|Query details
Documentation
| |S3 Bucket Logging Disabled
4552b71f-0a2a-4bc4-92dd-ed7ec1b4674c|Medium|Observability|Query details
Documentation
| |VPC FlowLogs Disabled
f6d299d2-21eb-41cc-b1e1-fe12d857500b|Medium|Observability|Query details
Documentation
| -|High Access Key Rotation Period
800fa019-49dd-421b-9042-7331fdd83fa2|Medium|Secret Management|Query details
Documentation
| +|High Access Key Rotation Period
800fa019-49dd-421b-9042-7331fdd83fa2|Medium|Secret Management|Query details
Documentation
| |IAM User With No Group
06933df4-0ea7-461c-b9b5-104d27390e0e|Low|Access Control|Query details
Documentation
| |Support Has No Role Associated
d71b5fd7-9020-4b2d-9ec8-b3839faa2744|Low|Access Control|Query details
Documentation
| |EBS Volume Not Attached To Instances
1819ac03-542b-4026-976b-f37addd59f3b|Low|Availability|Query details
Documentation
| @@ -206,7 +206,7 @@ Below are listed queries related to CloudFormation AWS: |CDN Configuration Is Missing
e4f54ff4-d352-40e8-a096-5141073c37a2|Low|Best Practices|Query details
Documentation
| |Cognito UserPool Without MFA
74a18d1a-cf02-4a31-8791-ed0967ad7fdc|Low|Best Practices|Query details
Documentation
| |Geo Restriction Disabled
7f8843f0-9ea5-42b4-a02b-753055113195|Low|Best Practices|Query details
Documentation
| -|IAM Access Analyzer Not Enabled
8d29754a-2a18-460d-a1ba-9509f8d359da|Low|Best Practices|Query details
Documentation
| +|IAM Access Analyzer Not Enabled
8d29754a-2a18-460d-a1ba-9509f8d359da|Low|Best Practices|Query details
Documentation
| |IAM Password Without Minimum Length
b1b20ae3-8fa7-4af5-a74d-a2145920fcb1|Low|Best Practices|Query details
Documentation
| |IAM Policies Without Groups
5e7acff5-095b-40ac-9073-ac2e4ad8a512|Low|Best Practices|Query details
Documentation
| |Lambda Permission Misconfigured
9b83114b-b2a1-4534-990d-06da015e47aa|Low|Best Practices|Query details
Documentation
| diff --git a/docs/queries/cloudformation-queries/aws/800fa019-49dd-421b-9042-7331fdd83fa2.md b/docs/queries/cloudformation-queries/aws/800fa019-49dd-421b-9042-7331fdd83fa2.md index 59678010aa1..ada780a757e 100644 --- a/docs/queries/cloudformation-queries/aws/800fa019-49dd-421b-9042-7331fdd83fa2.md +++ b/docs/queries/cloudformation-queries/aws/800fa019-49dd-421b-9042-7331fdd83fa2.md @@ -25,7 +25,7 @@ hide: ### Description ConfigRule should enforce access keys to be rotated within 90 days.
-[Documentation](https://docs.amazonaws.cn/en_us/config/latest/developerguide/access-keys-rotated.html) +[Documentation](https://docs.aws.amazon.com/en_us/config/latest/developerguide/access-keys-rotated.html) ### Code samples #### Code samples with security vulnerabilities diff --git a/docs/queries/cloudformation-queries/aws/8d29754a-2a18-460d-a1ba-9509f8d359da.md b/docs/queries/cloudformation-queries/aws/8d29754a-2a18-460d-a1ba-9509f8d359da.md index 5e429d5b424..988e9886e94 100644 --- a/docs/queries/cloudformation-queries/aws/8d29754a-2a18-460d-a1ba-9509f8d359da.md +++ b/docs/queries/cloudformation-queries/aws/8d29754a-2a18-460d-a1ba-9509f8d359da.md @@ -25,7 +25,7 @@ hide: ### Description IAM Access Analyzer should be enabled and configured to continuously monitor resource permissions
-[Documentation](https://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html) +[Documentation](https://docs.aws.amazon.com/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html) ### Code samples #### Code samples with security vulnerabilities diff --git a/docs/queries/common-queries/a88baa34-e2ad-44ea-ad6f-8cac87bc7c71.md b/docs/queries/common-queries/a88baa34-e2ad-44ea-ad6f-8cac87bc7c71.md index 0de5552e6d8..967cd218eed 100644 --- a/docs/queries/common-queries/a88baa34-e2ad-44ea-ad6f-8cac87bc7c71.md +++ b/docs/queries/common-queries/a88baa34-e2ad-44ea-ad6f-8cac87bc7c71.md @@ -1149,7 +1149,7 @@ resource "google_container_cluster" "primary1" {
Positive test num. 41 - yaml file -```yaml hl_lines="20" +```yaml hl_lines="20 21" version: '3.9' services: vulnerable_node: @@ -1170,6 +1170,8 @@ services: environment: - POSTGRES_USER=postgres - POSTGRES_PASSWORD=postgres + - POSTGRES_PASSWORD=string + ```
Positive test num. 42 - tf file @@ -2714,7 +2716,80 @@ jobs: echo "RESTAPI_MGT_APPSEC=${restapi_mgt_appsec}" >> $GITHUB_ENV ```
-
Negative test num. 42 - dockerfile file +
Negative test num. 42 - tf file + +```tf +provider "azurerm" { + features {} +} + +# Example of using an existing Key Vault and secret +data "azurerm_key_vault" "example" { + name = "your-key-vault-name" + resource_group_name = "your-resource-group" +} + +data "azurerm_key_vault_secret" "LinuxVmPassword" { + name = "your-secret-name" + key_vault_id = data.azurerm_key_vault.example.id +} + +resource "azurerm_linux_virtual_machine" "example_vm" { + name = "example-vm" + resource_group_name = "your-resource-group" + location = "your-location" + size = "Standard_DS1_v2" + admin_username = "adminuser" + admin_password = data.azurerm_key_vault_secret.LinuxVmPassword.value + + network_interface_ids = [ + # Your network interface ID + ] + + os_disk { + caching = "ReadWrite" + storage_account_type = "Standard_LRS" + } + + source_image_reference { + publisher = "Canonical" + offer = "UbuntuServer" + sku = "18.04-LTS" + version = "latest" + } +} + +output "vm_password" { + value = data.azurerm_key_vault_secret.LinuxVmPassword.value + sensitive = true +} + +``` +
+
Negative test num. 43 - tf file + +```tf +data "template_file" "sci_integration_app_properties_secret_template" { + template = file(join("", ["/secrets/sci-integration-app", var.resource_identifier_shorthand], ".json")) + + vars = { + ayreshirerarran_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["ayreshirerarran_password"] + lanark_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["lanark_password"] + tayside_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["tayside_password"] + glasgow_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["glasgow_password"] + grampian_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["grampian_password"] + highland_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["highland_password"] + westernisles_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["westernisles_password"] + dumfriesandgalloway_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["dumfriesandgalloway_password"] + forthvalley_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["forthvalley_password"] + borders_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["borders_password"] + lothian_password = data.aws_kms_secrets.sci_app_kms_secrets.plaintext["lothian_password"] + } +} + +``` +
+
Negative test num. 44 - dockerfile file ```dockerfile FROM baseImage @@ -2723,7 +2798,7 @@ RUN command ```
-
Negative test num. 43 - json file +
Negative test num. 45 - json file ```json { @@ -2743,7 +2818,7 @@ RUN command ```
-
Negative test num. 44 - tf file +
Negative test num. 46 - tf file ```tf resource "google_container_cluster" "primary3" { @@ -2768,7 +2843,7 @@ resource "google_container_cluster" "primary3" { ```
-
Negative test num. 45 - tf file +
Negative test num. 47 - tf file ```tf resource "google_container_cluster" "primary5" { @@ -2793,7 +2868,7 @@ resource "google_container_cluster" "primary5" { ```
-
Negative test num. 46 - tf file +
Negative test num. 48 - tf file ```tf resource "google_secret_manager_secret" "secret-basic" { diff --git a/docs/queries/openapi-queries/cf4a5f45-a27b-49df-843a-9911dbfe71d4.md b/docs/queries/openapi-queries/cf4a5f45-a27b-49df-843a-9911dbfe71d4.md index 0165dc8e09b..b88d6ad673e 100644 --- a/docs/queries/openapi-queries/cf4a5f45-a27b-49df-843a-9911dbfe71d4.md +++ b/docs/queries/openapi-queries/cf4a5f45-a27b-49df-843a-9911dbfe71d4.md @@ -24,7 +24,7 @@ hide: - **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/openAPI/3.0/invalid_media_type_value) ### Description -The Media Type value should match the following format: /[+suffix][;parameters]
+The Media Type value should match the following format: `/[+suffix][;parameters]`
[Documentation](https://swagger.io/specification/#media-type-object) ### Code samples @@ -212,3 +212,392 @@ paths: contentType: image/png, image/jpeg ``` +```yaml title="Negative test num. 3 - yaml file" +openapi: 3.0.0 +info: + title: Pet Store API + version: 1.0.0 +servers: + - url: https://api.example.com/v1 +paths: + /pets: + get: + summary: Get a list of pets + responses: + '200': + description: Successful response + content: + application/json: + example: { "pets": ["dog", "cat"] } + post: + summary: Add a new pet + requestBody: + content: + application/json: + schema: + type: object + properties: + name: + type: string + example: "Fido" + pattern: "^[A-Za-z]{1,20}$" + species: + type: string + example: "dog" + color: + type: string + enum: + - brown + - grey + - black + - white + birthDate: + type: string + format: date + weight: + type: integer + format: int32 + someSubType: + type: 'object' + properties: + content: + type: string + responses: + '201': + description: Pet added successfully + /pets/{petId}: + get: + summary: Get details of a specific pet + parameters: + - name: petId + in: path + required: true + schema: + type: integer + format: int64 + responses: + '200': + description: Successful response + content: + application/json: + example: { "name": "Fido", "species": "dog" } + +``` +
Negative test num. 4 - json file + +```json +{ + "openapi": "3.0.0", + "info": { + "title": "Pet Store API", + "version": "1.0.0" + }, + "servers": [ + { + "url": "https://api.example.com/v1" + } + ], + "paths": { + "/pets": { + "get": { + "summary": "Get a list of pets", + "responses": { + "200": { + "description": "Successful response", + "content": { + "application/json": { + "example": { "pets": ["dog", "cat"] } + } + } + } + } + }, + "post": { + "summary": "Add a new pet", + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "name": { + "type": "string", + "example": "Fido", + "pattern": "^[A-Za-z]{1,20}$" + }, + "species": { + "type": "string", + "example": "dog" + }, + "color": { + "type": "string", + "enum": [ + "brown", + "grey", + "black", + "white" + ] + }, + "birthDate": { + "type": "string", + "format": "date" + }, + "weight": { + "type": "integer", + "format": "int32" + }, + "someSubType": { + "type": "object", + "properties": { + "content": { + "type": "string" + } + } + } + } + } + } + } + }, + "responses": { + "201": { + "description": "Pet added successfully" + } + } + } + }, + "/pets/{petId}": { + "get": { + "summary": "Get details of a specific pet", + "parameters": [ + { + "name": "petId", + "in": "path", + "required": true, + "schema": { + "type": "integer", + "format": "int64" + } + } + ], + "responses": { + "200": { + "description": "Successful response", + "content": { + "application/json": { + "example": { "name": "Fido", "species": "dog" } + } + } + } + } + } + } + } +} + +``` +
+
Negative test num. 5 - yaml file + +```yaml +openapi: 3.0.0 +info: + title: Pet Store API + version: 1.0.0 +servers: + - url: https://api.example.com/v1 +paths: + /pets: + get: + summary: Get a list of pets + responses: + '200': + description: Successful response + content: + application/json: + example: { "pets": ["dog", "cat"] } + post: + summary: Add a new pet + requestBody: + content: + application/json: + schema: + type: object + properties: + name: + type: string + example: "Fido" + pattern: "^[A-Za-z]{1,20}$" + species: + type: string + example: "dog" + color: + type: string + enum: + - brown + - grey + - black + - white + birthDate: + type: string + format: date + weight: + type: integer + format: int32 + someSubType: + type: 'object' + properties: + content: + type: 'object' + properties: + content: + type: object + properties: + key1: + type: string + key2: + type: integer + responses: + '201': + description: Pet added successfully + /pets/{petId}: + get: + summary: Get details of a specific pet + parameters: + - name: petId + in: path + required: true + schema: + type: integer + format: int64 + responses: + '200': + description: Successful response + content: + application/json: + example: { "name": "Fido", "species": "dog" } + +``` +
+
Negative test num. 6 - json file + +```json +{ + "openapi": "3.0.0", + "info": { + "title": "Pet Store API", + "version": "1.0.0" + }, + "servers": [ + { + "url": "https://api.example.com/v1" + } + ], + "paths": { + "/pets": { + "get": { + "summary": "Get a list of pets", + "responses": { + "200": { + "description": "Successful response", + "content": { + "application/json": { + "example": { "pets": ["dog", "cat"] } + } + } + } + } + }, + "post": { + "summary": "Add a new pet", + "requestBody": { + "content": { + "application/json": { + "schema": { + "type": "object", + "properties": { + "name": { + "type": "string", + "example": "Fido", + "pattern": "^[A-Za-z]{1,20}$" + }, + "species": { + "type": "string", + "example": "dog" + }, + "color": { + "type": "string", + "enum": ["brown", "grey", "black", "white"] + }, + "birthDate": { + "type": "string", + "format": "date" + }, + "weight": { + "type": "integer", + "format": "int32" + }, + "someSubType": { + "type": "object", + "properties": { + "content": { + "type": "object", + "properties": { + "content": { + "type": "object", + "properties": { + "key1": { + "type": "string" + }, + "key2": { + "type": "integer" + } + } + } + } + } + } + } + } + } + } + } + }, + "responses": { + "201": { + "description": "Pet added successfully" + } + } + } + }, + "/pets/{petId}": { + "get": { + "summary": "Get details of a specific pet", + "parameters": [ + { + "name": "petId", + "in": "path", + "required": true, + "schema": { + "type": "integer", + "format": "int64" + } + } + ], + "responses": { + "200": { + "description": "Successful response", + "content": { + "application/json": { + "example": { "name": "Fido", "species": "dog" } + } + } + } + } + } + } + } +} + +``` +
diff --git a/docs/queries/openapi-queries/f985a7d2-d404-4a7f-9814-f645f791e46e.md b/docs/queries/openapi-queries/f985a7d2-d404-4a7f-9814-f645f791e46e.md index 03da02cd931..e4d9558e4d8 100644 --- a/docs/queries/openapi-queries/f985a7d2-d404-4a7f-9814-f645f791e46e.md +++ b/docs/queries/openapi-queries/f985a7d2-d404-4a7f-9814-f645f791e46e.md @@ -24,7 +24,7 @@ hide: - **URL:** [Github](https://github.com/Checkmarx/kics/tree/master/assets/queries/openAPI/2.0/invalid_media_type_value) ### Description -The Media Type value should match the following format: /[+suffix][;parameters]
+The Media Type value should match the following format: `/[+suffix][;parameters]`
[Documentation](https://swagger.io/specification/#media-type-object) ### Code samples diff --git a/e2e/fixtures/E2E_CLI_031_RESULT.html b/e2e/fixtures/E2E_CLI_031_RESULT.html index 00f1649e8ff..b08e241c346 100644 --- a/e2e/fixtures/E2E_CLI_031_RESULT.html +++ b/e2e/fixtures/E2E_CLI_031_RESULT.html @@ -60,7 +60,7 @@ Found: 'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property
50 ContainerDefinitions:
51 - Name: simple-app
52 Cpu: 10
File: /path/e2e/fixtures/samples/positive.yaml Line 67
Expected: 'Resources.TaskDefinition.Properties.ContainerDefinitions' should contain 'HealthCheck' property Found: 'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property
66 - ContainerPort: 80
67 - Name: busybox
68 Cpu: 10

IAM Access Analyzer Not Enabled

Platform: CloudFormation -Category: Best Practices
IAM Access Analyzer should be enabled and configured to continuously monitor resource permissionshttps://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html
Results (1)
File: /path/e2e/fixtures/samples/positive.yaml +Category: Best Practices
IAM Access Analyzer should be enabled and configured to continuously monitor resource permissionshttps://docs.aws.amazon.com/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html
Results (1)
File: /path/e2e/fixtures/samples/positive.yaml Line 9
Expected: 'AWS::AccessAnalyzer::Analyzer' should be set Found: 'AWS::AccessAnalyzer::Analyzer' is undefined
8 Description: Select at two subnets in your selected VPC.
9Resources:
10 ECSCluster:

Secrets Manager Should Specify KmsKeyId

Platform: CloudFormation Category: Secret Management
Secrets Manager Secret should explicitly specify KmsKeyId, this will allow the secret to be shared cross-accounthttps://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html
Results (1)
File: /path/e2e/fixtures/samples/positive.yaml @@ -82,4 +82,4 @@ -
\ No newline at end of file +
diff --git a/e2e/fixtures/E2E_CLI_032_RESULT.json b/e2e/fixtures/E2E_CLI_032_RESULT.json index df191bf70a8..b951b185607 100644 --- a/e2e/fixtures/E2E_CLI_032_RESULT.json +++ b/e2e/fixtures/E2E_CLI_032_RESULT.json @@ -482,7 +482,7 @@ { "query_name": "IAM Access Analyzer Not Enabled", "query_id": "8d29754a-2a18-460d-a1ba-9509f8d359da", - "query_url": "https://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html", + "query_url": "https://docs.aws.amazon.com/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html", "severity": "LOW", "platform": "CloudFormation", "cwe": "778", diff --git a/e2e/fixtures/E2E_CLI_040_RESULT.html b/e2e/fixtures/E2E_CLI_040_RESULT.html index 3a4cd3b6cad..131c078087f 100755 --- a/e2e/fixtures/E2E_CLI_040_RESULT.html +++ b/e2e/fixtures/E2E_CLI_040_RESULT.html @@ -60,7 +60,7 @@ Found: 'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property
50 ContainerDefinitions:
51 - Name: simple-app
52 Cpu: 10
File: \path\e2e\fixtures\samples\positive.yaml Line 67
Expected: 'Resources.TaskDefinition.Properties.ContainerDefinitions' should contain 'HealthCheck' property Found: 'Resources.TaskDefinition.Properties.ContainerDefinitions' doesn't contain 'HealthCheck' property
66 - ContainerPort: 80
67 - Name: busybox
68 Cpu: 10

IAM Access Analyzer Not Enabled

Platform: CloudFormation -Category: Best Practices
IAM Access Analyzer should be enabled and configured to continuously monitor resource permissionshttps://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html
Results (1)
File: \path\e2e\fixtures\samples\positive.yaml +Category: Best Practices
IAM Access Analyzer should be enabled and configured to continuously monitor resource permissionshttps://docs.aws.amazon.com/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html
Results (1)
File: \path\e2e\fixtures\samples\positive.yaml Line 9
Expected: 'AWS::AccessAnalyzer::Analyzer' should be set Found: 'AWS::AccessAnalyzer::Analyzer' is undefined
8 Description: Select at two subnets in your selected VPC.
9Resources:
10 ECSCluster:

Secrets Manager Should Specify KmsKeyId

Platform: CloudFormation Category: Secret Management
Secrets Manager Secret should explicitly specify KmsKeyId, this will allow the secret to be shared cross-accounthttps://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-secretsmanager-secret.html
Results (1)
File: \path\e2e\fixtures\samples\positive.yaml @@ -82,4 +82,4 @@ -
\ No newline at end of file +
diff --git a/e2e/fixtures/E2E_CLI_092_RESULT.json b/e2e/fixtures/E2E_CLI_092_RESULT.json index bddc0661f41..38ece5b260f 100644 --- a/e2e/fixtures/E2E_CLI_092_RESULT.json +++ b/e2e/fixtures/E2E_CLI_092_RESULT.json @@ -141,7 +141,7 @@ { "query_name": "IAM Access Analyzer Not Enabled", "query_id": "8d29754a-2a18-460d-a1ba-9509f8d359da", - "query_url": "https://docs.amazonaws.cn/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html", + "query_url": "https://docs.aws.amazon.com/en_us/AWSCloudFormation/latest/UserGuide/aws-resource-accessanalyzer-analyzer.html", "severity": "LOW", "platform": "CloudFormation", "cwe": "778", diff --git a/go.mod b/go.mod index f60aa97cd2b..02f76043e2d 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/Checkmarx/kics/v2 -go 1.23.5 +go 1.23.6 require ( code.cloudfoundry.org/bytefmt v0.0.0-20240604172014-5a751eb643b0 @@ -39,17 +39,17 @@ require ( github.com/xeipuuv/gojsonschema v1.2.0 github.com/yargevad/filepathx v1.0.0 github.com/zclconf/go-cty v1.14.4 - golang.org/x/net v0.34.0 - golang.org/x/text v0.21.0 + golang.org/x/net v0.36.0 + golang.org/x/text v0.22.0 golang.org/x/tools v0.26.0 gopkg.in/yaml.v3 v3.0.1 - helm.sh/helm/v3 v3.17.0 + helm.sh/helm/v3 v3.17.1 mvdan.cc/sh/v3 v3.8.0 ) require ( cloud.google.com/go v0.112.1 // indirect - cloud.google.com/go/compute/metadata v0.5.0 // indirect + cloud.google.com/go/compute/metadata v0.6.0 // indirect cloud.google.com/go/iam v1.1.6 // indirect cloud.google.com/go/storage v1.38.0 // indirect dario.cat/mergo v1.0.1 // indirect 
@@ -89,19 +89,20 @@ require (
 github.com/tchap/go-patricia/v2 v2.3.1 // indirect
 github.com/x448/float16 v0.8.4 // indirect
 go.opencensus.io v0.24.0 // indirect
+ go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 // indirect
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 // indirect
- go.opentelemetry.io/otel v1.31.0 // indirect
- go.opentelemetry.io/otel/metric v1.31.0 // indirect
- go.opentelemetry.io/otel/sdk v1.31.0 // indirect
- go.opentelemetry.io/otel/trace v1.31.0 // indirect
+ go.opentelemetry.io/otel v1.34.0 // indirect
+ go.opentelemetry.io/otel/metric v1.34.0 // indirect
+ go.opentelemetry.io/otel/sdk v1.34.0 // indirect
+ go.opentelemetry.io/otel/trace v1.34.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
 golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 // indirect
 golang.org/x/mod v0.21.0 // indirect
 google.golang.org/api v0.171.0 // indirect
 google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f // indirect
 gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 )
 
@@ -121,7 +122,7 @@ require (
 github.com/boombuler/barcode v1.0.1 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
 github.com/chai2010/gettext-go v1.0.2 // indirect
- github.com/containerd/containerd v1.7.24 // indirect
+ github.com/containerd/containerd v1.7.26 // indirect
 github.com/cyphar/filepath-securejoin v0.3.6 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/docker/cli v27.5.0+incompatible // indirect
@@ -210,14 +211,14 @@ require (
 github.com/xlab/treeprint v1.2.0 // indirect
 github.com/xo/terminfo v0.0.0-20210125001918-ca9a967f8778 // indirect
 github.com/yashtewari/glob-intersection v0.2.0 // indirect
- golang.org/x/crypto v0.32.0 // indirect
- golang.org/x/oauth2 v0.23.0 // indirect
- golang.org/x/sync v0.10.0 // indirect
- golang.org/x/sys v0.29.0 // indirect
- golang.org/x/term v0.28.0 // indirect
+ golang.org/x/crypto v0.35.0 // indirect
+ golang.org/x/oauth2 v0.27.0 // indirect
+ golang.org/x/sync v0.11.0 // indirect
+ golang.org/x/sys v0.30.0 // indirect
+ golang.org/x/term v0.29.0 // indirect
 golang.org/x/time v0.7.0 // indirect
- google.golang.org/grpc v1.68.1 // indirect
- google.golang.org/protobuf v1.35.2 // indirect
+ google.golang.org/grpc v1.71.0 // indirect
+ google.golang.org/protobuf v1.36.4 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
@@ -225,12 +226,12 @@ require (
 k8s.io/apiextensions-apiserver v0.32.1 // indirect
 k8s.io/apimachinery v0.32.1
 k8s.io/apiserver v0.32.1 // indirect
- k8s.io/cli-runtime v0.32.0 // indirect
+ k8s.io/cli-runtime v0.32.1 // indirect
 k8s.io/client-go v0.32.1
 k8s.io/component-base v0.32.1 // indirect
 k8s.io/klog/v2 v2.130.1 // indirect
 k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
- k8s.io/kubectl v0.32.0 // indirect
+ k8s.io/kubectl v0.32.1 // indirect
 k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect
 oras.land/oras-go v1.2.5 // indirect
 sigs.k8s.io/controller-runtime v0.14.6
diff --git a/go.sum b/go.sum
index 77edc4f91ff..2ed459537ad 100644
--- a/go.sum
+++ b/go.sum
@@ -68,8 +68,8 @@ cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU= -cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= -cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= +cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= +cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I= cloud.google.com/go/containeranalysis v0.6.0/go.mod h1:HEJoiEIu+lEXM+k7+qLCci0h33lX3ZqoYFdmPcoO7s4= cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSiyOzm8kpLq0a0= 
@@ -298,8 +298,8 @@ github.com/cncf/xds/go v0.0.0-20211011173535-cb28da3451f1/go.mod h1:eXthEFrGJvWH github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0= github.com/containerd/cgroups/v3 v3.0.3/go.mod h1:8HBe7V3aWGLFPd/k03swSIsGjZhHI2WzJmticMgVuz0= -github.com/containerd/containerd v1.7.24 h1:zxszGrGjrra1yYJW/6rhm9cJ1ZQ8rkKBR48brqsa7nA= -github.com/containerd/containerd v1.7.24/go.mod h1:7QUzfURqZWCZV7RLNEn1XjUCQLEf0bkaK4GjUaZehxw= +github.com/containerd/containerd v1.7.26 h1:3cs8K2RHlMQaPifLqgRyI4VBkoldNdEw62cb7qQga7k= +github.com/containerd/containerd v1.7.26/go.mod h1:m4JU0E+h0ebbo9yXD7Hyt+sWnc8tChm7MudCjj4jRvQ= github.com/containerd/continuity v0.4.5 h1:ZRoN1sXq9u7V6QoHMcVWGhOwDFqZ4B9i5H6un1Wh0x4= github.com/containerd/continuity v0.4.5/go.mod h1:/lNJvtJKUQStBzpVQ1+rasXO1LAWtUQssk28EZvJ3nE= github.com/containerd/errdefs v1.0.0 h1:tg5yIfIlQIrxYtu9ajqY42W3lpS19XqdxRQeEwYG8PI= 
@@ -432,8 +432,8 @@ github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7a github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.2.2 h1:1+mZ9upx1Dh6FmUTFR1naJ77miKiXgALjWOZ3NVFPmY= -github.com/golang/glog v1.2.2/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= +github.com/golang/glog v1.2.4 h1:CNNw5U8lSiiBk7druxtSHHTsRWcxKoac6kZKm2peBBc= +github.com/golang/glog v1.2.4/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 
@@ -763,8 +763,8 @@ github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= -github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/rs/xid v1.5.0/go.mod h1:trrq9SKmegXys3aeAKXMUTdJsYXVwGY3RLcfgqegfbg= github.com/rs/zerolog v1.33.0 h1:1cU2KZkvPxNyfgEmhHAz/1A9Bz+llsdYzklWFzgp0r8= github.com/rs/zerolog v1.33.0/go.mod h1:/7mN4D5sKwJLZQ2b/znpjC3/GQWY/xaDXUM0kKWRHss= 
@@ -888,22 +888,26 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 h1:yMkBS9yViCc7U7yeLzJPM2XizlfdVvBRSmsQDWu6qc0= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0/go.mod h1:n8MR6/liuGB5EmTETUBeU5ZgqMOlqKRxUaqPQBOANZ8= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 h1:UP6IpuHFkUgOQL9FFQFrZ+5LiwhhYRbi7VZSIx6Nj5s= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0/go.mod h1:qxuZLtbq5QDtdeSHsS7bcf6EH6uO6jUAgk764zd3rhM= -go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY= -go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE= +go.opentelemetry.io/otel v1.34.0 h1:zRLXxLCgL1WyKsPVrgbSdMN4c0FMkDAskSTQP+0hdUY= +go.opentelemetry.io/otel v1.34.0/go.mod h1:OWFPOQ+h4G8xpyjgqo4SxJYdDQ/qmRH+wivy7zzx9oI= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.31.0 h1:K0XaT3DwHAcV4nKLzcQvwAgSyisUghWoY20I7huthMk= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.31.0/go.mod h1:B5Ki776z/MBnVha1Nzwp5arlzBbE3+1jk+pGmaP5HME= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.31.0 h1:FFeLy03iVTXP6ffeN2iXrxfGsZGCjVx0/4KlizjyBwU= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc v1.31.0/go.mod h1:TMu73/k1CP8nBUpDLc71Wj/Kf7ZS9FK5b53VapRsP9o= -go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE= -go.opentelemetry.io/otel/metric v1.31.0/go.mod 
h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY= -go.opentelemetry.io/otel/sdk v1.31.0 h1:xLY3abVHYZ5HSfOg3l2E5LUj2Cwva5Y7yGxnSW9H5Gk= -go.opentelemetry.io/otel/sdk v1.31.0/go.mod h1:TfRbMdhvxIIr/B2N2LQW2S5v9m3gOQ/08KsbbO5BPT0= -go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys= -go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A= +go.opentelemetry.io/otel/metric v1.34.0 h1:+eTR3U0MyfWjRDhmFMxe2SsW64QrZ84AOhvqS7Y+PoQ= +go.opentelemetry.io/otel/metric v1.34.0/go.mod h1:CEDrp0fy2D0MvkXE+dPV7cMi8tWZwX3dmaIhwPOaqHE= +go.opentelemetry.io/otel/sdk v1.34.0 h1:95zS4k/2GOy069d321O8jWgYsW3MzVV+KuSPKp7Wr1A= +go.opentelemetry.io/otel/sdk v1.34.0/go.mod h1:0e/pNiaMAqaykJGKbi+tSjWfNNHMTxoC9qANsCzbyxU= +go.opentelemetry.io/otel/sdk/metric v1.34.0 h1:5CeK9ujjbFVL5c1PhLuStg1wxA7vQv7ce1EK0Gyvahk= +go.opentelemetry.io/otel/sdk/metric v1.34.0/go.mod h1:jQ/r8Ze28zRKoNRdkjCZxfs6YvBTG1+YIqyFVFYec5w= +go.opentelemetry.io/otel/trace v1.34.0 h1:+ouXS2V8Rd4hp4580a8q23bg0azF2nI8cqLYnC8mh/k= +go.opentelemetry.io/otel/trace v1.34.0/go.mod h1:Svm7lSjQD7kG7KJ/MUHPVXSDGz2OX4h0M2jHBhmSfRE= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.opentelemetry.io/proto/otlp v1.3.1 h1:TrMUixzpM0yuc/znrFTP9MMRh8trP93mkCiDVeXrui0= go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR0XqQ7niQU+8= 
@@ -920,8 +924,8 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.32.0 h1:euUpcYgM8WcP71gNpTqQCn6rC2t6ULUPiOzfWaXVVfc= -golang.org/x/crypto v0.32.0/go.mod h1:ZnnJkOaASj8g0AjIduWNlq2NRxL0PlBrbKVyZ6V/Ugc= +golang.org/x/crypto v0.35.0 h1:b15kiHdrGCHrP6LvwaQ3c03kgNhhiMgvlhxHQhmg2Xs= +golang.org/x/crypto v0.35.0/go.mod h1:dy7dXNW32cAb/6/PRuTNsix8T+vJAqvuIy5Bli/x0YQ= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -1012,8 +1016,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.0.0-20220909164309-bea034e7d591/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfSS6ZXJJ9M9t4Dl22yv3iI2vPwk= golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= -golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0= -golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k= +golang.org/x/net v0.36.0 h1:vWF2fRbw4qslQsQzgFqZff+BItCvGFQqKzKIzx1rmoA= +golang.org/x/net v0.36.0/go.mod h1:bFmbeoIPfrw4sMHNhb4J9f6+tPziuGjq7Jk/38fxi1I= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -1039,8 +1043,8 @@ golang.org/x/oauth2 v0.0.0-20220822191816-0ebed06d0094/go.mod h1:h4gKUeWbJ4rQPri golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.0.0-20221014153046-6fdb5e3db783/go.mod h1:h4gKUeWbJ4rQPri7E0u6Gs4e9Ri2zaLxzw5DI5XGrYg= golang.org/x/oauth2 v0.1.0/go.mod h1:G9FE4dLTsbXUu90h/Pf85g4w1D+SSAgR+q46nJZ8M4A= -golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= -golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.27.0 h1:da9Vo7/tDv5RH/7nZDz1eMGS/q1Vv1N/7FCrBhI9I3M= +golang.org/x/oauth2 v0.27.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -1055,8 +1059,8 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= -golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w= +golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 
@@ -1127,13 +1131,13 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= -golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= +golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg= -golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= +golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU= +golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -1144,8 +1148,8 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= -golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= +golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= +golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -1379,10 +1383,10 @@ google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y= google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9/go.mod h1:mqHbVIp48Muh7Ywss/AD6I5kNVKZMmAa/QEW58Gxp2s= -google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9 h1:T6rh4haD3GVYsgEfWExoCZA2o2FmbNyKpTuAxbEFPTg= -google.golang.org/genproto/googleapis/api v0.0.0-20241007155032-5fefd90f89a9/go.mod h1:wp2WsuBYj6j8wUdo3ToZsdxxixbvQNAHqVJrTgi5E5M= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 h1:zciRKQ4kBpFgpfC5QQCVtnnNAcLIqweL7plyZRQHVpI= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= +google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422 h1:GVIKPyP/kLIyVOgOnTwFOrvQaQUzOzGMCxgFUOEmm24= +google.golang.org/genproto/googleapis/api v0.0.0-20250106144421-5f5ef82da422/go.mod h1:b6h1vNKhxaSoEI+5jc3PJUCustfli/mRab7295pY7rw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f h1:OxYkA3wjPsZyBylwymxSHa7ViiW1Sml4ToBrncvFehI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250115164207-1a7da9e5054f/go.mod h1:+2Yz8+CLJbIfL9z73EW45avw8Lmge3xVElCP9zEKi50= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 
@@ -1418,8 +1422,8 @@ google.golang.org/grpc v1.48.0/go.mod h1:vN9eftEi1UMyUsIF80+uQXhHjbXYbm0uXoFCACu google.golang.org/grpc v1.49.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= -google.golang.org/grpc v1.68.1 h1:oI5oTa11+ng8r8XMMN7jAOmWfPZWbYpCFaMUTACxkM0= -google.golang.org/grpc v1.68.1/go.mod h1:+q1XYFJjShcqn0QZHvCyeR4CXPA+llXIeUIfIe00waw= +google.golang.org/grpc v1.71.0 h1:kF77BGdPTQ4/JZWMlb9VpJ5pa25aqvVqogsxNHHdeBg= +google.golang.org/grpc v1.71.0/go.mod h1:H0GRtasmQOh9LkFoCPDu3ZrwUtD1YGE+b2vYBYd/8Ec= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= 
@@ -1436,8 +1440,8 @@ google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQ google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= -google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.4 h1:6A3ZDJHn/eNqc1i+IdefRzy/9PokBTPvcqMySR7NNIM= +google.golang.org/protobuf v1.36.4/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -1462,8 +1466,8 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.4.0 h1:ZazjZUfuVeZGLAmlKKuyv3IKP5orXcwtOwDQH6YVr6o= gotest.tools/v3 v3.4.0/go.mod h1:CtbdzLSsqVhDgMtKsx03ird5YTGB3ar27v0u/yKBW5g= -helm.sh/helm/v3 v3.17.0 h1:DUD4AGdNVn7PSTYfxe1gmQG7s18QeWv/4jI9TubnhT0= -helm.sh/helm/v3 v3.17.0/go.mod h1:Mo7eGyKPPHlS0Ml67W8z/lbkox/gD9Xt1XpD6bxvZZA= +helm.sh/helm/v3 v3.17.1 h1:gzVoAD+qVuoJU6KDMSAeo0xRJ6N1znRxz3wyuXRmJDk= +helm.sh/helm/v3 v3.17.1/go.mod h1:nvreuhuR+j78NkQcLC3TYoprCKStLyw5P4T7E5itv2w= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= 
@@ -1479,8 +1483,8 @@ k8s.io/apimachinery v0.32.1 h1:683ENpaCBjma4CYqsmZyhEzrGz6cjn1MY/X2jB2hkZs= k8s.io/apimachinery v0.32.1/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= k8s.io/apiserver v0.32.1 h1:oo0OozRos66WFq87Zc5tclUX2r0mymoVHRq8JmR7Aak= k8s.io/apiserver v0.32.1/go.mod h1:UcB9tWjBY7aryeI5zAgzVJB/6k7E97bkr1RgqDz0jPw= -k8s.io/cli-runtime v0.32.0 h1:dP+OZqs7zHPpGQMCGAhectbHU2SNCuZtIimRKTv2T1c= -k8s.io/cli-runtime v0.32.0/go.mod h1:Mai8ht2+esoDRK5hr861KRy6z0zHsSTYttNVJXgP3YQ= +k8s.io/cli-runtime v0.32.1 h1:19nwZPlYGJPUDbhAxDIS2/oydCikvKMHsxroKNGA2mM= +k8s.io/cli-runtime v0.32.1/go.mod h1:NJPbeadVFnV2E7B7vF+FvU09mpwYlZCu8PqjzfuOnkY= k8s.io/client-go v0.32.1 h1:otM0AxdhdBIaQh7l1Q0jQpmo7WOFIk5FFa4bg6YMdUU= k8s.io/client-go v0.32.1/go.mod h1:aTTKZY7MdxUaJ/KiUs8D+GssR9zJZi77ZqtzcGXIiDg= k8s.io/component-base v0.32.1 h1:/5IfJ0dHIKBWysGV0yKTFfacZ5yNV1sulPh3ilJjRZk= @@ -1489,8 +1493,8 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= -k8s.io/kubectl v0.32.0 h1:rpxl+ng9qeG79YA4Em9tLSfX0G8W0vfaiPVrc/WR7Xw= -k8s.io/kubectl v0.32.0/go.mod h1:qIjSX+QgPQUgdy8ps6eKsYNF+YmFOAO3WygfucIqFiE= +k8s.io/kubectl v0.32.1 h1:/btLtXLQUU1rWx8AEvX9jrb9LaI6yeezt3sFALhB8M8= +k8s.io/kubectl v0.32.1/go.mod h1:sezNuyWi1STk4ZNPVRIFfgjqMI6XMf+oCVLjZen/pFQ= k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6JSWYFzOFnYeS6Ro= k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= mvdan.cc/sh/v3 v3.8.0 h1:ZxuJipLZwr/HLbASonmXtcvvC9HXY9d2lXZHnKGjFc8= diff --git a/mkdocs.yml b/mkdocs.yml index f2da55dd4da..431dd893581 100644 --- a/mkdocs.yml +++ b/mkdocs.yml 
@@ -38,7 +38,7 @@ nav: - Architecture: architecture.md - Auto Remediation : kics_auto_remediation.md - Certifications: certifications.md - - Future Improvements: future_improvements.md + - Future Improvements: future_improvements.md - Changes in v1.3.0: changes.md - Changes in v1.6.0: changes1_6.md - Changes in v1.7.0: changes1_7.md @@ -49,16 +49,22 @@ nav: - Bill of Materials: bom.md - Queries List: - All: queries/all-queries.md - - Common: queries/common-queries.md - Ansible: queries/ansible-queries.md - Azure Resource Manager: queries/azureresourcemanager-queries.md + - Buildah: queries/buildah-queries.md + - CICD: queries/cicd-queries.md - CloudFormation: queries/cloudformation-queries.md - - Dockerfile: queries/dockerfile-queries.md + - Common: queries/common-queries.md + - Crossplane: queries/crossplane-queries.md - Docker Compose: queries/dockercompose-queries.md - - Kubernetes: queries/kubernetes-queries.md - - OpenAPI: queries/openapi-queries.md + - Dockerfile: queries/dockerfile-queries.md - Google Deployment Manager: queries/googledeploymentmanager-queries.md - gRPC: queries/grpc-queries.md + - Knative: queries/knative-queries.md + - Kubernetes: queries/kubernetes-queries.md + - OpenAPI: queries/openapi-queries.md + - Pulumi: queries/pulumi-queries.md + - ServerlessFW: queries/serverlessfw-queries.md - Terraform: queries/terraform-queries.md - Integrations: - Overview: integrations.md