diff --git a/.github/ISSUE_TEMPLATE/bug_report.md b/.github/ISSUE_TEMPLATE/bug_report.md
deleted file mode 100644
index dd84ea78..00000000
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ /dev/null
@@ -1,38 +0,0 @@
----
-name: Bug report
-about: Create a report to help us improve
-title: ''
-labels: ''
-assignees: ''
-
----
-
-**Describe the bug**
-A clear and concise description of what the bug is.
-
-**To Reproduce**
-Steps to reproduce the behavior:
-1. Go to '...'
-2. Click on '....'
-3. Scroll down to '....'
-4. See error
-
-**Expected behavior**
-A clear and concise description of what you expected to happen.
-
-**Screenshots**
-If applicable, add screenshots to help explain your problem.
-
-**Desktop (please complete the following information):**
- - OS: [e.g. iOS]
- - Browser [e.g. chrome, safari]
- - Version [e.g. 22]
-
-**Smartphone (please complete the following information):**
- - Device: [e.g. iPhone6]
- - OS: [e.g. iOS8.1]
- - Browser [e.g. stock browser, safari]
- - Version [e.g. 22]
-
-**Additional context**
-Add any other context about the problem here.
diff --git a/.github/ISSUE_TEMPLATE/feature_request.md b/.github/ISSUE_TEMPLATE/feature_request.md
deleted file mode 100644
index bbcbbe7d..00000000
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ /dev/null
@@ -1,20 +0,0 @@
----
-name: Feature request
-about: Suggest an idea for this project
-title: ''
-labels: ''
-assignees: ''
-
----
-
-**Is your feature request related to a problem? Please describe.**
-A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
-
-**Describe the solution you'd like**
-A clear and concise description of what you want to happen.
-
-**Describe alternatives you've considered**
-A clear and concise description of any alternative solutions or features you've considered.
-
-**Additional context**
-Add any other context or screenshots about the feature request here.
diff --git a/.github/workflows/sync-fork.yml b/.github/workflows/sync-fork.yml
new file mode 100644
index 00000000..42ba3805
--- /dev/null
+++ b/.github/workflows/sync-fork.yml
@@ -0,0 +1,89 @@
+name: Sync fork
+
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: "15 3 * * *"   # Run every day at 3:15 UTC
+
+jobs:
+  sync:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout fork's default branch
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          path: "fork"
+          token: ${{ secrets.GH_PAT }}
+      - name: Checkout fork's configuration branch
+        uses: actions/checkout@v4
+        with:
+          path: "configuration"
+          ref: "renovate-and-workflow-files"
+          token: ${{ secrets.GH_PAT }}
+      - name: Determine Upstream clone URL
+        id: upstream-repo-clone-url
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const { data } = await github.rest.repos.get({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+            });
+            if (data.fork) {
+              return data.parent.clone_url;
+            } else {
+              throw new Error('This repository is not a fork.');
+            }
+          result-encoding: string
+      - name: Determine Upstream default branch
+        id: upstream-repo-default-branch
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const { data } = await github.rest.repos.get({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+            });
+            if (data.fork) {
+              return data.parent.default_branch;
+            } else {
+              throw new Error('This repository is not a fork.');
+            }
+          result-encoding: string
+      - name: Sync fork with upstream
+        run: |
+          set -ex
+          cd fork
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git remote add upstream ${{ steps.upstream-repo-clone-url.outputs.result }}
+          git fetch upstream ${{ steps.upstream-repo-default-branch.outputs.result }}
+          UPSTREAM_MOST_RECENT_COMMIT_HASH=$(git log upstream/${{ steps.upstream-repo-default-branch.outputs.result }} -n 1 --format="%H")
+          PREVIOUS_SYNC_COMMIT_HASH=$(cat ../configuration/upstream_commit_hash)
+          if [ "$PREVIOUS_SYNC_COMMIT_HASH" = "$UPSTREAM_MOST_RECENT_COMMIT_HASH" ]; then
+            echo "No need to sync, already up-to-date"
+            exit 0
+          fi
+          
+          git reset --hard upstream/${{ steps.upstream-repo-default-branch.outputs.result }}
+          # Enforce the usage of our own config (renovate.json5)
+          git rm renovate.json* || true
+          # Avoid problems where an existing .gitignore file would prevent committing our configuration files
+          git rm .gitignore || true
+          # Delete existing workflows, we don't need to run them in our fork
+          rm -rf .github || true
+          # Instead of using "cp -r", rsync allows us to exclude the .git directory
+          rsync -av --exclude '.git' ../configuration/ .
+          rm upstream_commit_hash
+          git add .
+          git commit -m "add Renovate and custom workflow files"
+          git push --force-with-lease
+          
+          cd ../configuration
+          # git config user.name "github-actions[bot]"
+          # git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          echo $UPSTREAM_MOST_RECENT_COMMIT_HASH > upstream_commit_hash
+          git add upstream_commit_hash
+          git commit -m "update commit hash to $UPSTREAM_MOST_RECENT_COMMIT_HASH"
+          git push
diff --git a/.github/workflows/trivy-dependencies-submission.yml b/.github/workflows/trivy-dependencies-submission.yml
new file mode 100644
index 00000000..71f59af7
--- /dev/null
+++ b/.github/workflows/trivy-dependencies-submission.yml
@@ -0,0 +1,27 @@
+name: SBOM upload from Trivy
+
+on:
+  workflow_dispatch: {}
+  schedule:
+    - cron: "0 9 */5 * *"   # Run every fifth day at 9 AM UTC
+
+jobs:
+  SBOM-upload:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Run Trivy vulnerability scanner in repo mode
+        uses: aquasecurity/trivy-action@0.23.0
+        with:
+          scan-type: 'fs'
+          ignore-unfixed: true
+          format: 'github'
+          output: 'trivy-results.gsbom'
+          github-pat: ${{ secrets.GITHUB_TOKEN }}  # this causes a curl call to upload the snapshot
+
+      - name: Upload report file
+        uses: actions/upload-artifact@v4
+        with:
+          name: trivy-results
+          path: trivy-results.gsbom
diff --git a/renovate.json5 b/renovate.json5
new file mode 100644
index 00000000..53fe2ac3
--- /dev/null
+++ b/renovate.json5
@@ -0,0 +1,12 @@
+{
+  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+  "extends": [
+    "config:recommended",
+    ":disableRateLimiting"
+  ],
+  "labels": ["dependencies", "depManager:{{{manager}}}"],
+  "vulnerabilityAlerts": {
+    "labels": ["security", "dependencies", "depManager:{{{manager}}}"],
+  },
+  "forkProcessing": "enabled"
+}