diff --git a/.github/renovate.json b/.github/renovate.json
index 4d3b65715..f9ac95a8e 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -34,13 +34,19 @@
 }
 ],
- "regexManagers": [
+ "customManagers": [
 {
 "description": "Because the Node version we use for building the VS Code plugin is managed by a Maven plugin, we need a custom regex version detection strategy. This rule matches versions defined as a Maven property of the form x.x.x.",
 "fileMatch": ["\\.pom\\.xml$", "(^|/)pom\\.xml$"],
 "matchStrings": ["(?.*?)<\\/node\\.version>"],
 "depNameTemplate": "node",
 "datasourceTemplate": "node"
+ },
+ {
+ "description": "Detect Maven goals in GitHub workflows and actions.",
+ "fileMatch": ["(^|/)(workflow-templates|\\.(?:github|gitea|forgejo)/(?:workflows|actions))/.+\\.ya?ml$", "(^|/)action\\.ya?ml$"],
+ "matchStrings": ["mvn (?[^\\s:]+:[^\\s:]+):(?[^\\s:]+):[^\\s:]+"],
+ "datasourceTemplate": "maven"
 }
 ],
diff --git a/.github/workflows/cve-scanning.yml b/.github/workflows/cve-scanning.yml
index bb3112cce..a4529c484 100644
--- a/.github/workflows/cve-scanning.yml
+++ b/.github/workflows/cve-scanning.yml
@@ -41,7 +41,7 @@ jobs:
 --suppression CVE-suppressions.xml
 --failOnCVSS 7
 - name: Upload results
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@v4
 with:
 name: CVE Scan Report
 path: ${{github.workspace}}/reports
diff --git a/.github/workflows/license-scanning.yml b/.github/workflows/license-scanning.yml
index c373d4c9f..0a15a0ee9 100644
--- a/.github/workflows/license-scanning.yml
+++ b/.github/workflows/license-scanning.yml
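Review bot: Neither entry under the renamed `customManagers` key declares `"customType": "regex"`, which Renovate expects on each custom manager once the legacy `regexManagers` name is gone (its config migration only fills that field in while the old key is still present); add `"customType": "regex",` as the first field of both objects so the managers are not rejected at validation time. The two `matchStrings` patterns are also shown here without their named capture groups (`(?[^\\s:]+…)` is not a valid regex), which looks like a rendering artifact of this page, but confirm the committed file still carries `(?<depName>…)` and `(?<currentValue>…)` groups, since without them the new Maven-goal manager silently extracts nothing. The enclosing top-level JSON object starts and ends outside this hunk.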
@@ -19,15 +19,46 @@ concurrency:
 cancel-in-progress: true
 env:
- ALLOW_LICENSES: "'The Apache Software License, Version 2.0' and licenses/license/name!='BSD' and licenses/license/name!='BSD-style license' and licenses/license/name!='Apache License, Version 2.0'"
- REPORT_PATH: "target/generated-resources/licenses.xml"
+ ALLOW_LICENSES: "
+ licenses/license/name!='Apache License, Version 2.0' and
+ not(contains(licenses/license/url, '://www.apache.org/licenses/LICENSE-2.0.txt')) and
+
+ licenses/license/name!='BSD License' and
+ not(contains(licenses/license/url, 'antlr.org/license.html')) and
+
+ licenses/license/name!='New BSD License' and
+ not(contains(licenses/license/url, '://www.opensource.org/licenses/bsd-license.php')) and
+
+ licenses/license/name!='BSD-3-Clause' and
+ not(contains(licenses/license/url, '://asm.ow2.io/license.html')) and
+
+ licenses/license/name!='Eclipse Public License - v 1.0' and
+ not(contains(licenses/license/url, '://www.eclipse.org/legal/epl-v10.html')) and
+
+ licenses/license/name!='Eclipse Public License - v 2.0' and
+ not(contains(licenses/license/url, '://www.eclipse.org/legal/epl-v20.html')) and
+ not(contains(licenses/license/url, '://www.eclipse.org/legal/epl-2.0')) and
+
+ licenses/license/name!='GNU Lesser General Public License' and
+ not(contains(licenses/license/url, '://www.gnu.org/licenses/old-licenses/lgpl-2.1.html')) and
+
+ licenses/license/name!='GNU General Public License (GPL), version 2, with the Classpath exception' and
+ not(contains(licenses/license/url, '://openjdk.java.net/legal/gplv2+ce.html')) and
+
+ licenses/license/name!='The MIT License' and
+ not(contains(licenses/license/url, '://opensource.org/licenses/MIT')) and
+ not(contains(licenses/license/url, '://www.opensource.org/licenses/mit-license.php')) and
+
+ licenses/license/name!='CDDL + GPLv2 with classpath exception' and
+ not(contains(licenses/license/url, '://github.com/javaee/javax.annotation/blob/master/LICENSE')) and
+
+ licenses/license/name!='Public Domain'
+ "
+ REPORT_PATH: "target/generated-resources"
 jobs:
 scan:
 runs-on: ubuntu-latest
- strategy:
- matrix:
- module-folder: ["./", "./rosetta-ide", "./rosetta-runtime", "./rosetta-testing", "./rosetta-tools", "./rosetta-xcore-plugin-dependencies", "./rosetta-maven-plugin", "./rosetta-profiling"]
 steps:
 - uses: actions/checkout@v4
 - name: Install XQ
@@ -37,21 +68,19 @@ jobs:
 build-command: install
 run-tests: false
 - name: License XML report
- run: mvn org.codehaus.mojo:license-maven-plugin:2.0.0:download-licenses
+ run: mvn org.codehaus.mojo:license-maven-plugin:2.4.0:aggregate-download-licenses
 - name: Validate XML report
 run: |
- LICENSE_REPORT=`xq "//dependency[licenses/license/name!=${{ env.ALLOW_LICENSES }}]" ./${{ env.REPORT_PATH }}`
- LINES_FOUND=`echo $LICENSE_REPORT | wc -l`
- echo "License issues found ..."
- if [ $LINES_FOUND -gt 1 ]; then echo $LICENSE_REPORT ; exit -1; fi
- working-directory: ${{ matrix.module-folder }}
+ LICENSE_REPORT=`xq "//dependency[${{ env.ALLOW_LICENSES }}]" ./${{ env.REPORT_PATH }}/licenses.xml`
+ LINES_FOUND=`echo "$LICENSE_REPORT" | wc -l`
+ if [ $LINES_FOUND -gt 1 ]; then echo "License issues found ..." ; echo "$LICENSE_REPORT" ; exit -1; fi
 - name: Upload license reports
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@v4
 with:
 name: license-reports
- path: '**/dependencies.html'
+ path: '**/${{ env.REPORT_PATH }}/'
 - name: Upload license XML reports
- uses: actions/upload-artifact@v3
+ uses: actions/upload-artifact@v4
 with:
- name: license-xml-report
- path: '**/${{ env.REPORT_PATH }}'
+ name: license-xml-reports
+ path: '**/${{ env.REPORT_PATH }}/licenses.xml'
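Review bot: A dependency whose POM carries no `<licenses>` element at all passes the rewritten `ALLOW_LICENSES` predicate unchecked: under XPath 1.0 semantics (which the `xq` used here appears to evaluate) every `licenses/license/name!='…'` comparison against an empty node-set is false, so the whole `and`-chain is false and such a dependency is never selected as an issue. The old expression had the same blind spot, but since this hunk rewrites the predicate it is the place to close it, e.g. by starting the quoted value with `not(licenses/license) or (` and ending it with `)` so that artifacts with missing license metadata are reported rather than silently allowed. A comment above `ALLOW_LICENSES:` would also help, noting that despite its name the expression selects dependencies that are *not* on the allow list, and that a dual-licensed artifact is reported whenever any one of its licenses falls outside the list (`!=` on a node-set is true when any member differs). The `concurrency:` and `env:` mappings this hunk edits begin above the hunk.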
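Review bot: The pass/fail decision in the rewritten `Validate XML report` step still hinges on `wc -l` exceeding 1, which only detects a violation if `xq` prints a matched `<dependency>` across several lines; should it emit a single match on one line, the count is 1 and the step exits 0 with the offending dependency unreported. Test the captured output for emptiness instead and drop the intermediate count: `if [ -n "$LICENSE_REPORT" ]; then echo "License issues found ..."; echo "$LICENSE_REPORT"; exit 1; fi`. `exit 1` also replaces `exit -1`, which is outside the valid exit-status range and is reported by bash as 255. The `steps:` list containing this step starts above the hunk.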