diff --git a/.github/workflows/bulwark-golicenses.yaml b/.github/workflows/bulwark-golicenses.yaml
index 1d0c0c6..eeef86c 100644
--- a/.github/workflows/bulwark-golicenses.yaml
+++ b/.github/workflows/bulwark-golicenses.yaml
@@ -11,20 +11,20 @@ concurrency:
 jobs:
   golicense-pr-scan:
     runs-on: [self-hosted, Linux, X64, validator]
+    container:
+      image: gcr.io/spectro-images-public/golang:1.22-alpine
     steps:
-      - name: install-git
-        run: sudo apt-get install -y git
-
       - name: checkout
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
 
       - name: Set up Go
         uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5
         with:
+          cache: false
           go-version-file: go.mod
 
       - name: install-golicenses
-        run: go install github.com/google/go-licenses@v1.0.0
+        run: go install github.com/google/go-licenses@latest
 
       - name: golicense-scan
         run: |
diff --git a/.github/workflows/bulwark-gosec.yaml b/.github/workflows/bulwark-gosec.yaml
index a5fd017..88c3568 100644
--- a/.github/workflows/bulwark-gosec.yaml
+++ b/.github/workflows/bulwark-gosec.yaml
@@ -17,13 +17,14 @@ jobs:
       env:
         REPO: ${{ github.event.repository.name }}
     steps:
+      - name: checkout
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
+
       - name: Set up Go
         uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5
         with:
-          go-version: '1.21'
-
-      - name: checkout
-        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4
+          cache: false
+          go-version-file: go.mod
 
       - name: run-gosec-scan
         shell: sh
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 429fde1..299df75 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -21,6 +21,7 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5
         with:
+          cache: false
           go-version-file: go.mod
 
       - name: Test
diff --git a/renovate.json b/renovate.json
index 7ea2222..e033b8e 100644
--- a/renovate.json
+++ b/renovate.json
@@ -11,6 +11,11 @@
     "gomodMassage"
   ],
   "packageRules": [
+    {
+      "matchUpdateTypes": ["pin", "pinDigest", "digest"],
+      "addLabels": ["pin"],
+      "automerge": true
+    },
     {
       "matchUpdateTypes": ["minor", "patch"],
       "matchCurrentVersion": "!/^0/",
@@ -26,10 +31,25 @@
       "addLabels": ["github_actions"],
       "automerge": true
     },
+    {
+      "matchManagers": ["crossplane"],
+      "addLabels": ["crossplane"],
+      "automerge": true
+    },
     {
       "matchManagers": ["dockerfile"],
       "addLabels": ["docker"],
       "automerge": true
+    },
+    {
+      "matchManagers": ["kustomize"],
+      "addLabels": ["kustomize"],
+      "automerge": true
+    },
+    {
+      "matchManagers": ["helm-values"],
+      "addLabels": ["helm_values"],
+      "automerge": true
     }
   ],
   "regexManagers": [