diff --git a/.github/renovate.json b/.github/renovate.json
index 09c2a5983..99eeec105 100644
--- a/.github/renovate.json
+++ b/.github/renovate.json
@@ -1,24 +1,32 @@
 {
   "extends": [
-    "config:base"
+    "config:recommended"
+  ],
+  "addLabels": [
+    "type: dependency-upgrade"
   ],
-  "addLabels": ["type: dependency-upgrade"],
   "schedule": [
-    "after 10pm every day"
+    "after 10pm"
   ],
   "prHourlyLimit": 1,
   "prConcurrentLimit": 20,
   "timezone": "Europe/Prague",
   "packageRules": [
     {
-      "matchPackagePatterns": ["actions.*"],
       "dependencyDashboardApproval": true,
-      "matchUpdateTypes": ["patch"],
+      "matchUpdateTypes": [
+        "patch"
+      ],
       "matchCurrentVersion": "!/^0/",
-      "automerge": true
+      "automerge": true,
+      "matchPackageNames": [
+        "/actions.*/"
+      ]
     },
     {
-      "matchUpdateTypes": ["patch"],
+      "matchUpdateTypes": [
+        "patch"
+      ],
       "matchCurrentVersion": "!/^0/",
       "automerge": true
     }
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
index 571e79a24..32d879ad1 100644
--- a/.github/workflows/gradle.yml
+++ b/.github/workflows/gradle.yml
@@ -30,6 +30,8 @@ jobs:
       PREDICTIVE_TEST_SELECTION: "${{ github.event_name == 'pull_request' && 'true' || 'false' }}"
       SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      OSS_INDEX_USERNAME: ${{ secrets.OSS_INDEX_USERNAME }}
+      OSS_INDEX_PASSWORD: ${{ secrets.OSS_INDEX_PASSWORD }}
     steps:
        # https://github.com/actions/virtual-environments/issues/709
       - name: "🗑 Free disk space"
@@ -58,6 +60,11 @@ jobs:
         run: |
           [ -f ./setup.sh ] && ./setup.sh || [ ! -f ./setup.sh ]
 
+      - name: "🚔 Sonatype Scan"
+        id: sonatypescan
+        run: |
+          ./gradlew ossIndexAudit --no-parallel --info
+
       - name: "🛠 Build with Gradle"
         id: gradle
         run: |
diff --git a/buildSrc/build.gradle b/buildSrc/build.gradle
index 67eb5354b..4f1470cb4 100644
--- a/buildSrc/build.gradle
+++ b/buildSrc/build.gradle
@@ -9,4 +9,5 @@ repositories {
 
 dependencies {
     implementation libs.micronaut.gradle.plugin
+    implementation(libs.sonatype.scan)
 }
diff --git a/buildSrc/src/main/groovy/io.micronaut.build.internal.views-module.gradle b/buildSrc/src/main/groovy/io.micronaut.build.internal.views-module.gradle
index e98234104..8e77c0c68 100644
--- a/buildSrc/src/main/groovy/io.micronaut.build.internal.views-module.gradle
+++ b/buildSrc/src/main/groovy/io.micronaut.build.internal.views-module.gradle
@@ -1,4 +1,15 @@
 plugins {
     id("io.micronaut.build.internal.views-base")
     id("io.micronaut.build.internal.module")
+    id("org.sonatype.gradle.plugins.scan")
 }
+String ossIndexUsername = System.getenv("OSS_INDEX_USERNAME") ?: project.properties["ossIndexUsername"]
+String ossIndexPassword = System.getenv("OSS_INDEX_PASSWORD") ?: project.properties["ossIndexPassword"]
+boolean sonatypePluginConfigured = ossIndexUsername != null && ossIndexPassword != null
+if (sonatypePluginConfigured) {
+    ossIndexAudit {
+        username = ossIndexUsername
+        password = ossIndexPassword
+    }
+}
+
diff --git a/gradle/libs.versions.toml b/gradle/libs.versions.toml
index 5125e9fe1..f7d894b8b 100644
--- a/gradle/libs.versions.toml
+++ b/gradle/libs.versions.toml
@@ -24,11 +24,12 @@ pebble = "3.2.2"
 thymeleaf-extra-java8time = "3.0.4.RELEASE"
 kotlin = "1.9.25"
 kotlinx-coroutines = "1.9.0"
-
+sonatype-scan = "3.0.0"
 micronaut-logging = "1.5.1"
-
+micronaut-grpc = "4.8.0"
 [libraries]
 # Core
+micronaut-grpc = { module = "io.micronaut.grpc:micronaut-grpc-bom", version.ref = "micronaut-grpc" }
 micronaut-core = { module = 'io.micronaut:micronaut-core-bom', version.ref = 'micronaut' }
 micronaut-sql = { module = "io.micronaut.sql:micronaut-sql-bom", version.ref = "micronaut-sql" }
 micronaut-logging = { module = "io.micronaut.logging:micronaut-logging-bom", version.ref = "micronaut-logging" }
@@ -61,6 +62,7 @@ groovy-json = { module = "org.apache.groovy:groovy-json" }
 
 graal-polyglot = { module = "org.graalvm.polyglot:polyglot", version.ref = "graal" }
 graal-js = { module = "org.graalvm.polyglot:js", version.ref = "graal" }
+sonatype-scan = { module = "org.sonatype.gradle.plugins:scan-gradle-plugin", version.ref = "sonatype-scan" }
 
 [plugins]
 kotlin-jvm = { id = "org.jetbrains.kotlin.jvm", version.ref = "kotlin" }
diff --git a/gradlew b/gradlew
index f5feea6d6..f3b75f3b0 100755
--- a/gradlew
+++ b/gradlew
@@ -86,8 +86,7 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
-' "$PWD" ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s\n' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum
diff --git a/settings.gradle b/settings.gradle
index 43af32c61..062b00fee 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -54,6 +54,7 @@ micronautBuild {
     importMicronautCatalog()
     importMicronautCatalog("micronaut-data")
     importMicronautCatalog("micronaut-sql")
+    importMicronautCatalog("micronaut-grpc")
     importMicronautCatalog("micronaut-security")
     importMicronautCatalog("micronaut-serde")
     importMicronautCatalog("micronaut-validation")
diff --git a/views-soy/build.gradle.kts b/views-soy/build.gradle.kts
index 0e7f72069..6d057a789 100644
--- a/views-soy/build.gradle.kts
+++ b/views-soy/build.gradle.kts
@@ -9,8 +9,8 @@ dependencies {
     api(libs.managed.soy) {
         exclude(group = "org.json", module = "json")
     }
+    implementation(mnGrpc.protobuf.java) // apply com.google.protobuf:protobuf-java directly because the version brought transitively contains a vulnerable version.
     implementation(libs.org.json)
-
     compileOnly(mn.micronaut.management)
     compileOnly(mnValidation.micronaut.validation)
     compileOnly(mn.micronaut.http)
@@ -25,4 +25,5 @@ dependencies {
     testImplementation(mn.micronaut.management)
     testImplementation(mnValidation.micronaut.validation)
     testImplementation(mn.snakeyaml)
-}
\ No newline at end of file
+}
+
diff --git a/views-soy/src/main/java/io/micronaut/views/soy/SoySauceViewsRenderer.java b/views-soy/src/main/java/io/micronaut/views/soy/SoySauceViewsRenderer.java
index 3e5dc20b7..8b05d68db 100644
--- a/views-soy/src/main/java/io/micronaut/views/soy/SoySauceViewsRenderer.java
+++ b/views-soy/src/main/java/io/micronaut/views/soy/SoySauceViewsRenderer.java
@@ -128,6 +128,7 @@ public String getTemplateName() {
             public Map<String, SoyValueProvider> getParamsAsMap() {
                 return null;
             }
+            
         });
         renderer.setData(context);
         if (injectNonce) {