diff --git a/.github/workflows/scan-gosec.yaml b/.github/workflows/scan-gosec.yaml
index 066564e3..0ddf041e 100644
--- a/.github/workflows/scan-gosec.yaml
+++ b/.github/workflows/scan-gosec.yaml
@@ -10,8 +10,6 @@ on:
 pull_request:
 branches:
 - main
- schedule:
- - cron: '0 0 * * 0'
 jobs:
 tests:
 runs-on: ubuntu-latest
diff --git a/.github/workflows/scan-kics.yaml b/.github/workflows/scan-kics.yaml
new file mode 100644
index 00000000..d82bfb8d
--- /dev/null
+++ b/.github/workflows/scan-kics.yaml
@@ -0,0 +1,46 @@
+name: Scan CVEs - KICS
+
+permissions:
+ contents: read
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+jobs:
+ kics:
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
+
+ - name: run kics Scan
+ uses: checkmarx/kics-github-action@94469746ec2c43de89a42fb9d2a80070f5d25b16 # v2.1.3
+ with:
+ path: 'demo,src'
+ output_formats: 'sarif'
+
+ - name: display kics results
+ run: |
+ cat results.sarif
+
+ - name: Upload artifact
+ uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+ with:
+ name: SARIF file
+ path: results.sarif
+ retention-days: 5
+
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12
+ with:
+ sarif_file: results.sarif
+
+
\ No newline at end of file
diff --git a/demo/simple/pod.fail.yaml b/demo/simple/pod.fail.yaml
index 8077ee64..19e38731 100644
--- a/demo/simple/pod.fail.yaml
+++ b/demo/simple/pod.fail.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: Pod
diff --git a/demo/simple/pod.pass.yaml b/demo/simple/pod.pass.yaml
index a745fa9d..fde22399 100644
--- a/demo/simple/pod.pass.yaml
+++ b/demo/simple/pod.pass.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: Pod
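Review bot: With the `schedule` trigger removed, scan-gosec.yaml runs only on pushes to main and on pull requests, so an unchanged main branch is never rescanned when a newer gosec release adds rules. If that trade-off is intentional (the new KICS workflow in this same commit is also push/PR only, so it looks deliberate), a one-line comment above `pull_request:` such as `# no scheduled run: gosec executes only on push/PR` records the decision for the next reader. The enclosing `on:` block starts, and the `jobs:` body continues, outside the hunk.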
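Review bot: The `display kics results`, `Upload artifact` and `Upload SARIF file` steps carry no `if: always()`, so whenever the `run kics Scan` step exits non-zero because findings meet the action's fail-on severities (its default behaviour unless `ignore_on_exit` or `fail_on` is configured, as far as I recall), the SARIF is neither printed nor uploaded to code scanning — exactly the runs in which it matters. Either add `if: always()` to the three follow-up steps, or add `ignore_on_exit: results` under the scan step's `with:` so the job's outcome is driven by the uploaded alerts rather than the step exit code. Separately, on `pull_request` runs from forks the GITHUB_TOKEN is read-only, so `security-events: write` will not be honoured and the upload-sarif step will fail there; consider gating that step on same-repository events or accepting the failure knowingly. Minor: the file ends with a whitespace-only line and no trailing newline, and `Scan CVEs - KICS` is a misnomer since KICS reports IaC misconfigurations rather than CVEs.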
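Review bot: A file-level `#kics-scan ignore` on every manifest under demo/ and src/test/e2e/scenarios/ (this hunk, demo/simple/pod.pass.yaml, and the twenty-two src/test/e2e/scenarios/* hunks that follow, including resource-data/secret.yaml) leaves the new KICS job with little left to scan in its `demo,src` paths as far as this diff shows, and the suppression lives inside each fixture where it is easy to overlook and must be repeated for every new fixture. Since these are deliberately minimal or deliberately failing test inputs, excluding them once in the workflow via the action's `exclude_paths` input (for example `exclude_paths: 'demo,src/test'`) keeps the policy visible next to the scan configuration. If the per-file marker is kept, a second comment line directly below it, such as `# e2e fixture: intentionally non-compliant, not deployable config`, documents why the file is exempt. For secret.yaml in particular it is worth confirming that the values are placeholders, because the ignore also suppresses the hard-coded-secret checks on that file.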
diff --git a/src/test/e2e/scenarios/api-field/configmap.fail.yaml b/src/test/e2e/scenarios/api-field/configmap.fail.yaml
index 6f291f3b..16e6256a 100644
--- a/src/test/e2e/scenarios/api-field/configmap.fail.yaml
+++ b/src/test/e2e/scenarios/api-field/configmap.fail.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: ConfigMap
diff --git a/src/test/e2e/scenarios/api-field/configmap.pass.yaml b/src/test/e2e/scenarios/api-field/configmap.pass.yaml
index 413409c2..e28d003d 100644
--- a/src/test/e2e/scenarios/api-field/configmap.pass.yaml
+++ b/src/test/e2e/scenarios/api-field/configmap.pass.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: ConfigMap
diff --git a/src/test/e2e/scenarios/api-field/pod.yaml b/src/test/e2e/scenarios/api-field/pod.yaml
index 0f031ca1..ea3320da 100644
--- a/src/test/e2e/scenarios/api-field/pod.yaml
+++ b/src/test/e2e/scenarios/api-field/pod.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: Pod
diff --git a/src/test/e2e/scenarios/composition-component-definition/pod.pass.yaml b/src/test/e2e/scenarios/composition-component-definition/pod.pass.yaml
index 65d23306..b3f6eee5 100644
--- a/src/test/e2e/scenarios/composition-component-definition/pod.pass.yaml
+++ b/src/test/e2e/scenarios/composition-component-definition/pod.pass.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: Pod
diff --git a/src/test/e2e/scenarios/dev-get-resources/configmap.yaml b/src/test/e2e/scenarios/dev-get-resources/configmap.yaml
index 80b6984d..3b6420d6 100644
--- a/src/test/e2e/scenarios/dev-get-resources/configmap.yaml
+++ b/src/test/e2e/scenarios/dev-get-resources/configmap.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: ConfigMap
diff --git a/src/test/e2e/scenarios/dev-get-resources/pod.yaml b/src/test/e2e/scenarios/dev-get-resources/pod.yaml
index 1b503c67..8c8c47b8 100644
--- a/src/test/e2e/scenarios/dev-get-resources/pod.yaml
+++ b/src/test/e2e/scenarios/dev-get-resources/pod.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 apiVersion: v1
 kind: Pod
 metadata:
diff --git a/src/test/e2e/scenarios/dev-validate/pod.pass.yaml b/src/test/e2e/scenarios/dev-validate/pod.pass.yaml
index 21443d84..ff98c273 100644
--- a/src/test/e2e/scenarios/dev-validate/pod.pass.yaml
+++ b/src/test/e2e/scenarios/dev-validate/pod.pass.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: Pod
diff --git a/src/test/e2e/scenarios/multi-resource/configmap.yaml b/src/test/e2e/scenarios/multi-resource/configmap.yaml
index 80b6984d..3b6420d6 100644
--- a/src/test/e2e/scenarios/multi-resource/configmap.yaml
+++ b/src/test/e2e/scenarios/multi-resource/configmap.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: ConfigMap
diff --git a/src/test/e2e/scenarios/multi-resource/pod.yaml b/src/test/e2e/scenarios/multi-resource/pod.yaml
index 0f031ca1..ea3320da 100644
--- a/src/test/e2e/scenarios/multi-resource/pod.yaml
+++ b/src/test/e2e/scenarios/multi-resource/pod.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: Pod
diff --git a/src/test/e2e/scenarios/multi-resource/podvt1.yaml b/src/test/e2e/scenarios/multi-resource/podvt1.yaml
index 8d8a216b..b7d2bf62 100644
--- a/src/test/e2e/scenarios/multi-resource/podvt1.yaml
+++ b/src/test/e2e/scenarios/multi-resource/podvt1.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: Pod
diff --git a/src/test/e2e/scenarios/multi-resource/podvt2.yaml b/src/test/e2e/scenarios/multi-resource/podvt2.yaml
index 2c11d66b..56632c5a 100644
--- a/src/test/e2e/scenarios/multi-resource/podvt2.yaml
+++ b/src/test/e2e/scenarios/multi-resource/podvt2.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: Pod
diff --git a/src/test/e2e/scenarios/outputs/pod.yaml b/src/test/e2e/scenarios/outputs/pod.yaml
index 5af7e938..541cf02c 100644
--- a/src/test/e2e/scenarios/outputs/pod.yaml
+++ b/src/test/e2e/scenarios/outputs/pod.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: Pod
diff --git a/src/test/e2e/scenarios/pod-label/pod.fail.yaml b/src/test/e2e/scenarios/pod-label/pod.fail.yaml
index eafd422f..ae151503 100644
--- a/src/test/e2e/scenarios/pod-label/pod.fail.yaml
+++ b/src/test/e2e/scenarios/pod-label/pod.fail.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: Pod
diff --git a/src/test/e2e/scenarios/pod-label/pod.pass.yaml b/src/test/e2e/scenarios/pod-label/pod.pass.yaml
index 61953dc4..227e49a1 100644
--- a/src/test/e2e/scenarios/pod-label/pod.pass.yaml
+++ b/src/test/e2e/scenarios/pod-label/pod.pass.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: Pod
diff --git a/src/test/e2e/scenarios/remote-validations/pod.pass.yaml b/src/test/e2e/scenarios/remote-validations/pod.pass.yaml
index 89236f78..8393de73 100644
--- a/src/test/e2e/scenarios/remote-validations/pod.pass.yaml
+++ b/src/test/e2e/scenarios/remote-validations/pod.pass.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: Pod
diff --git a/src/test/e2e/scenarios/resource-data/configmap_json.yaml b/src/test/e2e/scenarios/resource-data/configmap_json.yaml
index f5ef6c8d..a1df711f 100644
--- a/src/test/e2e/scenarios/resource-data/configmap_json.yaml
+++ b/src/test/e2e/scenarios/resource-data/configmap_json.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/src/test/e2e/scenarios/resource-data/configmap_yaml.yaml b/src/test/e2e/scenarios/resource-data/configmap_yaml.yaml
index d8e5f1fc..54e6fa26 100644
--- a/src/test/e2e/scenarios/resource-data/configmap_yaml.yaml
+++ b/src/test/e2e/scenarios/resource-data/configmap_yaml.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 apiVersion: v1
 kind: ConfigMap
 metadata:
diff --git a/src/test/e2e/scenarios/resource-data/pod.yaml b/src/test/e2e/scenarios/resource-data/pod.yaml
index 46e933b5..369acbe8 100644
--- a/src/test/e2e/scenarios/resource-data/pod.yaml
+++ b/src/test/e2e/scenarios/resource-data/pod.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 apiVersion: v1
 kind: Pod
 metadata:
diff --git a/src/test/e2e/scenarios/resource-data/secret.yaml b/src/test/e2e/scenarios/resource-data/secret.yaml
index 3de47913..501d9d22 100644
--- a/src/test/e2e/scenarios/resource-data/secret.yaml
+++ b/src/test/e2e/scenarios/resource-data/secret.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 apiVersion: v1
 kind: Secret
 metadata:
diff --git a/src/test/e2e/scenarios/template-validation/pod.yaml b/src/test/e2e/scenarios/template-validation/pod.yaml
index 61953dc4..227e49a1 100644
--- a/src/test/e2e/scenarios/template-validation/pod.yaml
+++ b/src/test/e2e/scenarios/template-validation/pod.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: Pod
diff --git a/src/test/e2e/scenarios/validation-composition/pod.pass.yaml b/src/test/e2e/scenarios/validation-composition/pod.pass.yaml
index 65d23306..b3f6eee5 100644
--- a/src/test/e2e/scenarios/validation-composition/pod.pass.yaml
+++ b/src/test/e2e/scenarios/validation-composition/pod.pass.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: Pod
diff --git a/src/test/e2e/scenarios/wait-field/pod.yaml b/src/test/e2e/scenarios/wait-field/pod.yaml
index 77cf18e7..8c78a9b1 100644
--- a/src/test/e2e/scenarios/wait-field/pod.yaml
+++ b/src/test/e2e/scenarios/wait-field/pod.yaml
@@ -1,3 +1,4 @@
+#kics-scan ignore
 ---
 apiVersion: v1
 kind: Pod