diff --git a/.github/nad-sld-diagrams.jpg b/.github/nad-sld-diagrams.jpg
deleted file mode 100644
index 8161d3069..000000000
Binary files a/.github/nad-sld-diagrams.jpg and /dev/null differ
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
deleted file mode 100644
index 9a434ef9e..000000000
--- a/.github/workflows/maven.yml
+++ /dev/null
@@ -1,42 +0,0 @@
-name: CI
-
-on:
- push:
- branches:
- - 'main'
- - 'release-v**'
- - 'full-sonar-analysis-**'
- pull_request:
-
-jobs:
- build:
- name: Build OS ${{ matrix.os }}
- runs-on: ${{ matrix.os }}
- strategy:
- matrix:
- os: [ubuntu-latest, windows-latest, macos-latest]
-
- steps:
- - name: Checkout sources
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
- - name: Set up JDK 17
- uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
- with:
- distribution: 'temurin'
- java-version: 17
-
- - name: Build with Maven
- run: mvn --batch-mode -P jacoco,checks package
-
- - name: Run SonarCloud analysis
- if: matrix.os == 'ubuntu-latest'
- run: >
- mvn --batch-mode -Pjacoco verify sonar:sonar
- -Dsonar.host.url=https://sonarcloud.io
- -Dsonar.organization=powsybl-ci-github
- -Dsonar.projectKey=com.powsybl:powsybl-diagram
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-
diff --git a/.github/workflows/sync-fork.yml b/.github/workflows/sync-fork.yml
new file mode 100644
index 000000000..42ba38054
--- /dev/null
+++ b/.github/workflows/sync-fork.yml
@@ -0,0 +1,89 @@
+name: Sync fork
+
+on:
+ workflow_dispatch: {}
+ schedule:
+ - cron: "15 3 * * *" # Run every day at 3:15 UTC
+
+jobs:
+ sync:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout fork's default branch
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ path: "fork"
+ token: ${{ secrets.GH_PAT }}
+ - name: Checkout fork's configuration branch
+ uses: actions/checkout@v4
+ with:
+ path: "configuration"
+ ref: "renovate-and-workflow-files"
+ token: ${{ secrets.GH_PAT }}
+ - name: Determine Upstream clone URL
+ id: upstream-repo-clone-url
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const { data } = await github.rest.repos.get({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ });
+ if (data.fork) {
+ return data.parent.clone_url;
+ } else {
+ throw new Error('This repository is not a fork.');
+ }
+ result-encoding: string
+ - name: Determine Upstream default branch
+ id: upstream-repo-default-branch
+ uses: actions/github-script@v7
+ with:
+ script: |
+ const { data } = await github.rest.repos.get({
+ owner: context.repo.owner,
+ repo: context.repo.repo,
+ });
+ if (data.fork) {
+ return data.parent.default_branch;
+ } else {
+ throw new Error('This repository is not a fork.');
+ }
+ result-encoding: string
+ - name: Sync fork with upstream
+ run: |
+ set -ex
+ cd fork
+ git config --global user.name "github-actions[bot]"
+ git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+ git remote add upstream ${{ steps.upstream-repo-clone-url.outputs.result }}
+ git fetch upstream ${{ steps.upstream-repo-default-branch.outputs.result }}
+ UPSTREAM_MOST_RECENT_COMMIT_HASH=$(git log upstream/${{ steps.upstream-repo-default-branch.outputs.result }} -n 1 --format="%H")
+ PREVIOUS_SYNC_COMMIT_HASH=$(cat ../configuration/upstream_commit_hash)
+ if [ "$PREVIOUS_SYNC_COMMIT_HASH" = "$UPSTREAM_MOST_RECENT_COMMIT_HASH" ]; then
+ echo "No need to sync, already up-to-date"
+ exit 0
+ fi
+
+ git reset --hard upstream/${{ steps.upstream-repo-default-branch.outputs.result }}
+ # Enforce the usage of our own config (renovate.json5)
+ git rm renovate.json* || true
+ # Avoid problems where an existing .gitignore file would prevent committing our configuration files
+ git rm .gitignore || true
+ # Delete existing workflows, we don't need to run them in our fork
+ rm -rf .github || true
+ # Instead of using "cp -r", rsync allows us to exclude the .git directory
+ rsync -av --exclude '.git' ../configuration/ .
+ rm upstream_commit_hash
+ git add .
+ git commit -m "add Renovate and custom workflow files"
+ git push --force-with-lease
+
+ cd ../configuration
+ # git config user.name "github-actions[bot]"
+ # git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+ echo $UPSTREAM_MOST_RECENT_COMMIT_HASH > upstream_commit_hash
+ git add upstream_commit_hash
+ git commit -m "update commit hash to $UPSTREAM_MOST_RECENT_COMMIT_HASH"
+ git push
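Review bot: The `Sync fork with upstream` step splices `${{ steps.upstream-repo-clone-url.outputs.result }}` and `${{ steps.upstream-repo-default-branch.outputs.result }}` straight into the shell script, so both values are expanded into the script text before bash parses it. The default-branch name is chosen by whoever administers the upstream repository, and the two checkouts made with `secrets.GH_PAT` keep that token in their git configuration by default. The values are therefore better passed through `env:` and referenced as quoted shell variables in all four places they occur. The unquoted `echo $UPSTREAM_MOST_RECENT_COMMIT_HASH` further down deserves the same quoting.

```yaml
      - name: Sync fork with upstream
        env:
          UPSTREAM_URL: ${{ steps.upstream-repo-clone-url.outputs.result }}
          UPSTREAM_BRANCH: ${{ steps.upstream-repo-default-branch.outputs.result }}
        run: |
          # … unchanged: set -ex, cd fork, git config …
          git remote add upstream "$UPSTREAM_URL"
          git fetch upstream "$UPSTREAM_BRANCH"
          UPSTREAM_MOST_RECENT_COMMIT_HASH=$(git log "upstream/$UPSTREAM_BRANCH" -n 1 --format="%H")
          # … unchanged: comparison with the previous sync hash …
          git reset --hard "upstream/$UPSTREAM_BRANCH"
          # … unchanged: configuration overlay, commit and push …
```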
diff --git a/.github/workflows/trivy-dependencies-submission.yml b/.github/workflows/trivy-dependencies-submission.yml
new file mode 100644
index 000000000..71f59af7e
--- /dev/null
+++ b/.github/workflows/trivy-dependencies-submission.yml
@@ -0,0 +1,27 @@
+name: SBOM upload from Trivy
+
+on:
+ workflow_dispatch: {}
+ schedule:
+ - cron: "0 9 */5 * *" # Run every fifth day at 9 AM UTC
+
+jobs:
+ SBOM-upload:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+ - name: Run Trivy vulnerability scanner in repo mode
+ uses: aquasecurity/trivy-action@0.23.0
+ with:
+ scan-type: 'fs'
+ ignore-unfixed: true
+ format: 'github'
+ output: 'trivy-results.gsbom'
+ github-pat: ${{ secrets.GITHUB_TOKEN }} # this causes a curl call to upload the snapshot
+
+ - name: Upload report file
+ uses: actions/upload-artifact@v4
+ with:
+ name: trivy-results
+ path: trivy-results.gsbom
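Review bot: `aquasecurity/trivy-action@0.23.0` is referenced by a mutable tag and is handed `secrets.GITHUB_TOKEN` through `github-pat`, whereas the `maven.yml` this commit deletes pinned its actions to full commit SHAs with the version in a trailing comment. Pinning here in the same way, `uses: aquasecurity/trivy-action@<full-commit-sha> # 0.23.0`, keeps a retagged release from running with the token. The same applies to `actions/checkout@v4` and `actions/upload-artifact@v4` in this file, and to `actions/checkout@v4` and `actions/github-script@v7` in `sync-fork.yml`. The job also declares no `permissions:` block, so the token's scope depends on the repository default; the snapshot upload presumably needs `contents: write`, and stating that at job level would make the grant explicit.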
diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 7a172f86e..000000000
--- a/.gitignore
+++ /dev/null
@@ -1,22 +0,0 @@
-# Maven projects
-target/
-
-# IntelliJ
-/.idea
-*.iml
-
-# Eclipse projects
-.classpath
-.project
-.factorypath
-org.eclipse.core.resources.prefs
-org.eclipse.m2e.core.prefs
-org.eclipse.jdt.core.prefs
-org.eclipse.jdt.apt.core.prefs
-org.eclipse.jdt.groovy.core.prefs
-
-# Virtual Studio
-.vscode
-
-# Generated readthedocs pages
-build-docs/
\ No newline at end of file
diff --git a/pom.xml b/pom.xml
index 2101abce1..bb4989ab0 100644
--- a/pom.xml
+++ b/pom.xml
@@ -15,7 +15,7 @@
com.powsybl
powsybl-parent
- 15
+ 20
powsybl-diagram
diff --git a/renovate.json5 b/renovate.json5
new file mode 100644
index 000000000..53fe2ac32
--- /dev/null
+++ b/renovate.json5
@@ -0,0 +1,12 @@
+{
+ "$schema": "https://docs.renovatebot.com/renovate-schema.json",
+ "extends": [
+ "config:recommended",
+ ":disableRateLimiting"
+ ],
+ "labels": ["dependencies", "depManager:{{{manager}}}"],
+ "vulnerabilityAlerts": {
+ "labels": ["security", "dependencies", "depManager:{{{manager}}}"],
+ },
+ "forkProcessing": "enabled"
+}
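Review bot: Two settings here change Renovate's defaults without saying why: `:disableRateLimiting` lifts the limits on how many pull requests are opened, and `"forkProcessing": "enabled"` makes Renovate process a repository it would otherwise treat as a fork. The file is JSON5, so a comment above each is possible, for example `// this repository is a fork; Renovate skips forks unless forkProcessing is enabled` and `// no PR rate limit: surface every pending update at once`. The second wording is a guess at the intent and should be replaced by the actual reason.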