diff --git a/.github/workflows/build_maven_package.yml b/.github/workflows/build_maven_package.yml
index 01b2f59af..13731f400 100644
--- a/.github/workflows/build_maven_package.yml
+++ b/.github/workflows/build_maven_package.yml
@@ -1,6 +1,6 @@
 # CI with maven build and scan
-name: CI maven build and sonar cloud scan
+name: CI maven build and scan
 on:
   # Trigger analysis when pushing in master or pull requests, and when creating
@@ -8,7 +8,7 @@ on:
   push:
     branches:
       - main
-      - branch-sonarcloud
+      - branch-scan
   pull_request:
     types:
       - opened
@@ -20,24 +20,24 @@ jobs:
     name: Build
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@main
         with:
           # Shallow clones should be disabled for a better relevancy of analysis
           fetch-depth: 0
       - name: Set up JDK 17
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@main
         with:
           java-version: '17'
           distribution: 'corretto'
           cache: 'maven'
       - name: Cache Maven packages
-        uses: actions/cache@v4
+        uses: actions/cache@main
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
           restore-keys: ${{ runner.os }}-m2
       - name: Cache SonarCloud packages
-        uses: actions/cache@v1
+        uses: actions/cache@main
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
@@ -66,7 +66,7 @@ jobs:
         # Snyk can be used to break the build when it detects vulnerabilities.
         # In this case we want to upload the issues to GitHub Code Scanning
         continue-on-error: true
-        uses: snyk/actions/docker@14818c4695ecc4045f33c9cee9e795a788711ca4
+        uses: snyk/actions/docker@main
         env:
          # In order to use the Snyk Action you will need to have a Snyk API token.
          # More details in https://github.com/snyk/actions#getting-your-snyk-token
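Review bot: The `@main` reference on `snyk/actions/docker` in the hunk at -66 — and the same move for `actions/checkout`, `actions/setup-java` and both `actions/cache` steps in the hunk at -20, and for `upload-sarif` and the new dependency-submission step in the following hunk — replaces a full commit-SHA pin and version tags with a branch ref that the upstream repository can move at any time, so a compromised or force-pushed `main` would run inside this job with the Snyk token and the full repository checkout. The SHA pin that was removed is the stronger form and is worth keeping, with a comment naming the release it corresponds to, e.g. `uses: snyk/actions/docker@14818c4695ecc4045f33c9cee9e795a788711ca4  # <release this SHA corresponds to>`; the other steps should at minimum return to a version tag, and the stale `actions/cache@v1` for the SonarCloud cache can simply match the `actions/cache@v4` already used two steps earlier. If the intent was to stop the pins going stale, Dependabot's `github-actions` ecosystem updates SHA pins without giving up the pin.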
@@ -76,6 +76,10 @@ jobs:
           image: fj-doc-playground-quarkus
           args: --file=fj-doc-playground-quarkus/Dockerfile
       - name: Upload result to GitHub Code Scanning
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@main
         with:
-          sarif_file: snyk.sarif
\ No newline at end of file
+          sarif_file: snyk.sarif
+
+      # Optional: Uploads the full dependency graph to GitHub to improve the quality of Dependabot alerts this repository can receive
+      - name: Update dependency graph
+        uses: advanced-security/maven-dependency-submission-action@main
\ No newline at end of file
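Review bot: The new `Update dependency graph` step needs `contents: write` on the job token per the action's documentation, and no `permissions:` block is visible in this hunk; if the workflow relies on default token permissions, confirm they grant that, because on `pull_request` runs from forks the token is read-only and the step will fail rather than silently skip. The `upload-sarif` step just above it likewise requires `security-events: write`, so an explicit job-level `permissions:` listing both (and nothing else) would document and enforce what this job actually needs. The added last line still carries `\ No newline at end of file`; adding the trailing newline is a one-character fix. The enclosing `steps:` list begins outside the hunk.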