diff --git a/.github/workflows/maven-mend-pr.yml b/.github/workflows/maven-mend-pr.yml
new file mode 100644
index 000000000..d564c84f6
--- /dev/null
+++ b/.github/workflows/maven-mend-pr.yml
@@ -0,0 +1,33 @@
+name: Mend CLI scan for Maven PR
+
+on:
+ workflow_run: # zizmor: ignore[dangerous-triggers]
+ workflows: ["Java CI with Maven"]
+ types: [completed]
+
+permissions:
+ contents: read
+ actions: read
+ checks: write
+ pull-requests: write
+ security-events: write
+
+concurrency:
+ group: mend-scan-${{ github.event.workflow_run.pull_requests[0].number || github.event.workflow_run.head_sha }}
+ cancel-in-progress: true
+
+jobs:
+ scan:
+ if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'pull_request'
+ uses: project-ncl/shared-github-actions/.github/workflows/mend-ci.yml@153b97777335953545bc8a907eb5f062af66b7f2 # v0.0.18
+ with:
+ SCA: true
+ SAST: true
+ triggering_run_id: ${{ github.event.workflow_run.id }}
+ pr_feedback: true
+ secrets:
+ MEND_URL: ${{ secrets.MEND_URL }}
+ MEND_USER_KEY: ${{ secrets.MEND_USER_KEY }}
+ MEND_EMAIL: ${{ secrets.MEND_EMAIL }}
+ MEND_ORGNAME: ${{ secrets.MEND_ORGNAME }}
+ MEND_PRODUCTNAME: ${{ secrets.MEND_PRODUCTNAME }}
diff --git a/.github/workflows/maven-mend.yml b/.github/workflows/maven-mend.yml
new file mode 100644
index 000000000..12fcbae56
--- /dev/null
+++ b/.github/workflows/maven-mend.yml
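Review bot: In maven-mend-pr.yml the `# zizmor: ignore[dangerous-triggers]` suppression on `workflow_run` carries no justification, while the `scan` job runs in the base repository's context with the Mend secrets and the `checks`, `pull-requests` and `security-events` write scopes, and is handed `triggering_run_id` from a pull-request build. Anything that run uploaded is contributor-controlled input, and what `mend-ci.yml` does with it is not visible in this diff. If the called workflow only reads those artifacts as scan input and never builds or executes them, record that invariant next to the suppression, e.g. `# zizmor: ignore[dangerous-triggers] -- PR artifacts are scanned as data only; nothing from the PR is checked out or executed here`. Moving the `permissions:` block under `jobs.scan` would also keep the write scopes from applying to any job added to this file later.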
@@ -0,0 +1,34 @@
+name: Mend CLI scan for Maven
+
+on:
+ push:
+ branches:
+ - master
+ schedule:
+ - cron: "0 22 * * 0"
+
+permissions:
+ contents: read
+ actions: read
+ checks: write
+ pull-requests: write
+ security-events: write
+
+jobs:
+ build:
+ uses: project-ncl/shared-github-actions/.github/workflows/maven-ci.yml@153b97777335953545bc8a907eb5f062af66b7f2 # v0.0.18
+ with:
+ upload_artifacts: true
+
+ call-mend-ci:
+ needs: build
+ uses: project-ncl/shared-github-actions/.github/workflows/mend-ci.yml@153b97777335953545bc8a907eb5f062af66b7f2 # v0.0.18
+ with:
+ SCA: true
+ SAST: true
+ secrets:
+ MEND_URL: ${{ secrets.MEND_URL }}
+ MEND_USER_KEY: ${{ secrets.MEND_USER_KEY }}
+ MEND_EMAIL: ${{ secrets.MEND_EMAIL }}
+ MEND_ORGNAME: ${{ secrets.MEND_ORGNAME }}
+ MEND_PRODUCTNAME: ${{ secrets.MEND_PRODUCTNAME }}
diff --git a/.github/workflows/maven-pr.yml b/.github/workflows/maven-pr.yml
index 225744a19..7ce63c2bf 100644
--- a/.github/workflows/maven-pr.yml
+++ b/.github/workflows/maven-pr.yml
@@ -8,7 +8,8 @@ name: Java CI with Maven -permissions: {} +permissions: + contents: read on: pull_request:
@@ -16,6 +17,7 @@ on: jobs: call-maven-ci: - uses: project-ncl/shared-github-actions/.github/workflows/maven-ci.yml@2d927763b5bcdd30dead156c32649470cc2b2aa3 # v0.0.17 + uses: project-ncl/shared-github-actions/.github/workflows/maven-ci.yml@153b97777335953545bc8a907eb5f062af66b7f2 # v0.0.18 with: java_version: 17 + upload_artifacts: true
diff --git a/pom.xml b/pom.xml
index 7794a0d67..3edbb326d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -6,7 +6,7 @@ org.jboss jboss-parent 53 - + org.jboss.da
@@ -98,7 +98,7 @@ 2.27.0 update - +
@@ -557,7 +557,7 @@ 3.4.0 - + java-import-order.txt
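Review bot: In maven-mend.yml the workflow-level `permissions:` block also applies to the `build` job, so the Maven build on `master` runs with `checks`, `pull-requests` and `security-events` write scopes, whereas the same `maven-ci.yml` call in maven-pr.yml gets only `contents: read`. Declare permissions per job instead: `permissions:` with `contents: read` under `build`, and the scan scopes under `call-mend-ci` only. `pull-requests: write` looks unnecessary in this file, since the triggers are `push` and `schedule` and `pr_feedback` is not set; whether `mend-ci.yml` still requires it is not visible in this diff. Separately, `build` does not pass `java_version: 17` as maven-pr.yml does, so the scanned build may use a different JDK unless the reusable workflow's default is 17.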