diff --git a/.github/workflows/CIS-Anchore-Grype.yml b/.github/workflows/CIS-Anchore-Grype.yml
index ca11356..1cd623d 100644
--- a/.github/workflows/CIS-Anchore-Grype.yml
+++ b/.github/workflows/CIS-Anchore-Grype.yml
@@ -18,6 +18,7 @@ env:
 permissions:
   contents: read # for actions/checkout to fetch code
+  id-token: write
   security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
   actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
@@ -52,3 +53,9 @@ jobs:
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: ${{ steps.scan.outputs.sarif }}
+
+      - name: Upload alerts file as a workflow artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: alerts
+          path: ${{ steps.scan.outputs.sarif }}
\ No newline at end of file
diff --git a/.github/workflows/CIS-Trivy-AquaSecurity.yml b/.github/workflows/CIS-Trivy-AquaSecurity.yml
index 05dc34e..476d5d5 100644
--- a/.github/workflows/CIS-Trivy-AquaSecurity.yml
+++ b/.github/workflows/CIS-Trivy-AquaSecurity.yml
@@ -18,6 +18,7 @@ env:
 permissions:
   contents: read # for actions/checkout to fetch code
+  id-token: write
   security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
   actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
@@ -47,3 +48,10 @@ jobs:
         if: always()
         with:
           sarif_file: "trivy-results.sarif"
+
+      - name: Upload alerts file as a workflow artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: alerts
+          path: "trivy-results.sarif"
+
\ No newline at end of file
diff --git a/.github/workflows/SCA-Anchore-Syft-SBOM.yml b/.github/workflows/SCA-Anchore-Syft-SBOM.yml
index dc2d548..cddb30e 100644
--- a/.github/workflows/SCA-Anchore-Syft-SBOM.yml
+++ b/.github/workflows/SCA-Anchore-Syft-SBOM.yml
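Review bot: `id-token: write` is granted at workflow level, but no step in this workflow's visible hunks requests an OIDC token, and unlike its siblings the line carries no `# for …` justification. This permission lets every step, including third-party actions such as the scanner, mint a GitHub OIDC token for the repository's identity — precisely what cloud trust policies and keyless-signing providers key on — so it should be added only to the `permissions:` of the job that performs a federated login, or dropped if nothing does. If it is needed, document it in the same style as the neighbouring lines, e.g. `id-token: write # for <step> to request an OIDC token for <provider>`, naming the actual consumer (any such step lies outside this hunk).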
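Review bot: The new upload step has no `if:` condition, so when the Grype scan fails the build (or the SARIF upload errors) the `alerts` artifact is never produced, which is exactly the run people will want to inspect; add `if: always()` to the step (the scan step's own failure policy is outside the hunk). The SARIF enumerates every vulnerable package found in the image, and on a public repository workflow artifacts are downloadable by anyone who can see the run, so set `retention-days:` explicitly and confirm that exposure is intended. The same SARIF is already sent to code scanning two lines above, so a short note would help the next maintainer, e.g. `# kept as a raw artifact so the SARIF can be audited outside code scanning`.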
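Review bot: The workflow-level `id-token: write` widens the GITHUB_TOKEN grant for every job and step in this file, yet nothing in the hunk, and nothing visible elsewhere in this diff for the Trivy workflow, consumes an OIDC token; the Trivy scan and SARIF upload do not need it. Grant it inside the `permissions:` block of the specific job that does a federated login or keyless signing, and add the `# for …` comment the neighbouring entries carry, e.g. `id-token: write # for <step> to exchange an OIDC token with <provider>`. If no such step exists, remove the line rather than leave an unused write-class permission in place.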
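Review bot: The upload-sarif step just above runs under `if: always()`, but the new upload-artifact step does not, so on a run where Trivy finds something and fails the job the SARIF reaches code scanning while the `alerts` artifact is skipped; add `if: always()` to the new step so both outputs agree. The final added line before the missing trailing newline is whitespace-only — yamllint will flag it as trailing spaces — so drop it and end the file with a single newline. The report lists vulnerable packages, so set `retention-days:` deliberately, particularly on a public repository where run artifacts are world-downloadable.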
@@ -37,3 +37,8 @@ jobs:
           image: "${{ env.imageName }}:${{ env.tag }}"
           artifact-name: image.spdx.json
           dependency-snapshot: true
+
+      - name: SBOM upload
+        uses: advanced-security/spdx-dependency-submission-action@v0.1.1
+        with:
+          filePath: "image.spdx.json"
\ No newline at end of file
diff --git a/.github/workflows/SCA-Microsoft-SBOM.yml b/.github/workflows/SCA-Microsoft-SBOM.yml
index 45128a2..564a0ff 100644
--- a/.github/workflows/SCA-Microsoft-SBOM.yml
+++ b/.github/workflows/SCA-Microsoft-SBOM.yml
@@ -2,8 +2,9 @@ name: SCA - Microsoft SBOM Tool
-on:
-  workflow_dispatch:
+on:
+  push:
+    branches: [main]
 env:
   SRC_PROJECT_PATH: '/webapp01/webapp01.csproj'
@@ -37,4 +38,9 @@ jobs:
       - name: Upload a Build Artifact
         uses: actions/upload-artifact@v4
         with:
-          path: buildOutput
\ No newline at end of file
+          path: buildOutput
+
+      - name: SBOM upload
+        uses: advanced-security/spdx-dependency-submission-action@v0.1.1
+        with:
+          filePath: "_manifest/spdx_2.2/"
\ No newline at end of file
diff --git a/src/webapp01/Dockerfile b/src/webapp01/Dockerfile
index 8f360a1..809601c 100644
--- a/src/webapp01/Dockerfile
+++ b/src/webapp01/Dockerfile
@@ -2,7 +2,6 @@ # This stage is used when running from VS in fast mode (Default for Debug configuration)
 FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS base
-USER $APP_UID
 WORKDIR /app
 EXPOSE 8080
 EXPOSE 8081
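Review bot: The step above already runs with `dependency-snapshot: true`, which is the sbom-action's own switch for submitting the generated SBOM to the dependency graph, so the new `spdx-dependency-submission-action` step submits the same SBOM a second time and creates a duplicate snapshot; keep one of the two. The action is pinned to the mutable tag `@v0.1.1` — for a third-party action that receives the job's `GITHUB_TOKEN` and writes to the dependency graph, pin to a full commit SHA with the version in a trailing comment. Also, `artifact-name: image.spdx.json` names the uploaded workflow artifact rather than guaranteeing a file in the workspace, so confirm the SBOM actually exists at `image.spdx.json` in the working directory (otherwise set the action's `output-file`), and confirm the job's `permissions:` block, which is outside the hunk, includes the `contents: write` that dependency submission requires.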
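Review bot: Switching the trigger from `workflow_dispatch` to `push` drops the ability to run this SBOM job by hand, which is useful for re-submitting a snapshot after a failed run; keep both triggers by adding `  workflow_dispatch:` under `on:` at the same indent as `push:`. The `-on:` / `+on:` pair differs only in invisible characters (presumably trailing whitespace or a CRLF), which suggests the file mixes line endings — worth normalising via `.editorconfig`/`.gitattributes` so later diffs stay readable. `branches: [main]` is fine as a short flow list, but quote it if other branch names with YAML-special characters are added later.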
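Review bot: `filePath: "_manifest/spdx_2.2/"` points at a directory, while the Syft workflow in this same commit passes a single file to the same action; whether `v0.1.1` accepts a directory is not shown here, so prefer the explicit manifest file the Microsoft sbom-tool emits, `filePath: "_manifest/spdx_2.2/manifest.spdx.json"`, and confirm the sbom-tool step (outside the hunk) writes its manifest relative to the workspace root rather than under `buildOutput`. As in the Syft workflow, pin the action to a commit SHA instead of the mutable tag, since it runs with the job token and writes to the dependency graph, and verify the job's `permissions:` grant `contents: write`. The pre-existing upload-artifact step has no `name:`, so its artifact lands under the default name; giving it one such as `name: build-output` avoids collisions with other uploads in the job.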
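Review bot: Removing `USER $APP_UID` leaves the `base` stage with no USER directive, so any stage that derives from it — the VS template's `final` stage usually does, though that part of the file is outside the hunk — now runs the application as root inside the container, which is exactly the misconfiguration the Trivy/Grype scans wired up in this same commit will report. If the line was dropped because `$APP_UID` is empty on some build path, keep a non-root user anyway, e.g. `USER app` (recent aspnet images ship an `app` user and define `APP_UID` — verify against the 9.0 tag), or place the `USER` directive in the stage that actually runs the app. Nothing visible here needs root: the exposed ports 8080/8081 are unprivileged.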