diff --git a/.github/workflows/openssf-scorecard.yml b/.github/workflows/openssf-scorecard.yml
new file mode 100644
index 00000000..ede8c39e
--- /dev/null
+++ b/.github/workflows/openssf-scorecard.yml
@@ -0,0 +1,26 @@
+# SPDX-FileCopyrightText: 2025 Digg - Agency for Digital Government
+#
+# SPDX-License-Identifier: CC0-1.0
+
+---
+name: OpenSSF Scorecard Analysis
+on:
+ schedule:
+ # Saturdays at 02:20 UTC
+ - cron: "20 2 * * 6"
+ # Wednesdays at 02:20 UTC
+ - cron: "20 2 * * 3"
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+jobs:
+ scorecard-analysis:
+ permissions:
+ contents: read
+ security-events: write
+ id-token: write
+ uses: diggsweden/reusable-ci/.github/workflows/security-openssf-scorecard.yml@1a7dcd9c5257495ebf141e4e4b4bac438a8aae56 # v2.0.0
+ with:
+ publish-results: true
diff --git a/.github/workflows/openssfscorecard.yml b/.github/workflows/openssfscorecard.yml
deleted file mode 100644
index 28184cf7..00000000
--- a/.github/workflows/openssfscorecard.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-# SPDX-FileCopyrightText: 2025 diggsweden/rest-api-profil-lint-processor
-#
-# SPDX-License-Identifier: CC0-1.0
-
----
-name: OpenSSF Scorecard analysis
-
-on:
- schedule:
- # Weekly on Thursdays at 01:30 UTC
- - cron: "30 1 * * 4"
-
-permissions:
- contents: read # Best Security practice. Jobs only get read as base, and then permissions are added as needed
-
-jobs:
- scorecard-analysis:
- permissions:
- contents: read
- security-events: write
- id-token: write
- uses: diggsweden/reusable-ci/.github/workflows/security-openssf-scorecard.yml@v2
\ No newline at end of file
diff --git a/.github/workflows/pullrequest-workflow.yml b/.github/workflows/pullrequest-workflow.yml
index 92f0baa6..0251c947 100644
--- a/.github/workflows/pullrequest-workflow.yml
+++ b/.github/workflows/pullrequest-workflow.yml
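Review bot: The `publish-results: true` input in the new openssf-scorecard.yml is undocumented, and the justification comment the deleted openssfscorecard.yml carried on the top-level `contents: read` did not survive the rename. Publishing uploads the scorecard to the public OpenSSF Scorecard API, which is presumably why the job also needs `id-token: write` for OIDC; stating that in place keeps the next maintainer from "tightening" that permission away, e.g. `# Publish to the public OpenSSF Scorecard API; needs id-token: write for OIDC` above `with:`. The base-permission comment is worth restoring too, e.g. `contents: read  # base is read-only; jobs add what they need`. The `# v2.0.0` suffix on the SHA pin is the marker Renovate maintains when digest pinning is enabled for github-actions, so it should stay attached to the ref wherever the pin is copied.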
@@ -18,7 +18,7 @@ permissions:
 
 jobs:
 pr-checks:
- uses: diggsweden/reusable-ci/.github/workflows/pullrequest-orchestrator.yml@v2
+ uses: diggsweden/reusable-ci/.github/workflows/pullrequest-orchestrator.yml@1a7dcd9c5257495ebf141e4e4b4bac438a8aae56 # v2.0.0
 secrets: inherit # Pass org-level secrets (NPM token if private packages)
 permissions:
 contents: read # Clone repository and read source code
diff --git a/.github/workflows/release-dev-workflow.yml b/.github/workflows/release-dev-workflow.yml
index b194726e..4c8118e0 100644
--- a/.github/workflows/release-dev-workflow.yml
+++ b/.github/workflows/release-dev-workflow.yml
@@ -31,7 +31,7 @@ jobs:
 permissions:
 contents: read
 packages: write
- uses: diggsweden/reusable-ci/.github/workflows/release-dev-orchestrator.yml@v2
+ uses: diggsweden/reusable-ci/.github/workflows/release-dev-orchestrator.yml@1a7dcd9c5257495ebf141e4e4b4bac438a8aae56 # v2.0.0
 with:
 project-type: npm
 package-scope: "@diggsweden"
diff --git a/.github/workflows/release-workflow.yml b/.github/workflows/release-workflow.yml
index 015ff8ea..79e8fe77 100644
--- a/.github/workflows/release-workflow.yml
+++ b/.github/workflows/release-workflow.yml
@@ -24,7 +24,7 @@ permissions:
 
 jobs:
 release:
- uses: diggsweden/reusable-ci/.github/workflows/release-orchestrator.yml@v2
+ uses: diggsweden/reusable-ci/.github/workflows/release-orchestrator.yml@1a7dcd9c5257495ebf141e4e4b4bac438a8aae56 # v2.0.0
 permissions:
 contents: write # Create GitHub releases, push changelog commits
 packages: write # Publish to GitHub Packages
diff --git a/renovate.json b/renovate.json
index 4fbb7de5..24f7936b 100644
--- a/renovate.json
+++ b/renovate.json
@@ -1,29 +1,13 @@
 {
 "$schema": "https://docs.renovatebot.com/renovate-schema.json",
- "osvVulnerabilityAlerts": true,
- "dependencyDashboardOSVVulnerabilitySummary": "all",
 "extends": [
- "config:best-practices",
- "workarounds:all",
- "security:openssf-scorecard",
- ":configMigration",
- ":dependencyDashboard",
- ":gitSignOff",
- ":maintainLockFilesWeekly",
- ":automergePatch",
- ":semanticCommits",
- "security:minimumReleaseAgeNpm",
- ":rebaseStalePrs",
- ":semanticCommitTypeAll(chore)",
- "mergeConfidence:all-badges"
+ "local>diggsweden/.github:renovate-base",
+ ":maintainLockFilesWeekly"
+ ],
+ "enabledManagers": [
+ "github-actions",
+ "npm"
 ],
- "commitMessageLowerCase": "auto",
- "minimumReleaseAge": "7 days",
- "labels": ["dependencies"],
- "vulnerabilityAlerts": {
- "labels": ["security", "dependencies"]
- },
- "timezone": "Europe/Stockholm",
 "platformAutomerge": false,
 "automergeSchedule": ["0 9-21 * * 6"],
 "packageRules": [
@@ -32,17 +16,6 @@
 "matchUpdateTypes": ["patch"],
 "automerge": true
 },
- {
- "matchManagers": ["github-actions"],
- "addLabels": ["actions"],
- "pinDigests": true,
- "groupName": "github actions"
- },
- {
- "matchManagers": ["github-actions"],
- "matchPackageNames": ["slsa-framework/slsa-github-generator"],
- "pinDigests": false
- },
 {
 "description": "Node.js dependencies - Major updates",
 "matchManagers": ["npm"],
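Review bot: The new `"local>diggsweden/.github:renovate-base"` entry in `extends` carries no ref, so the security settings this hunk deletes locally (`osvVulnerabilityAlerts`, `minimumReleaseAge: "7 days"`, `security:openssf-scorecard`, `security:minimumReleaseAgeNpm`, the `vulnerabilityAlerts` labels) are now only as strong as whatever the shared preset's default branch holds at each run, and a change there lands here without review. Renovate presets accept a ref suffix, so `"local>diggsweden/.github:renovate-base#<tag-or-sha>"` would make preset bumps visible in this repository's history. At minimum the config should record the expectation in a top-level `"description"` string naming which of the removed settings the preset is relied on to provide. I cannot see the preset, so whether each removed setting actually survives the move is inferred, not verified.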
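Review bot: The second hunk drops the `"pinDigests": false` exception for `slsa-framework/slsa-github-generator` together with the rule that enabled `"pinDigests": true` for github-actions, and the two do not cancel out cleanly. If the shared preset turns digest pinning on (as the removed rule did), Renovate will rewrite that generator's reusable-workflow ref to a commit SHA, and the SLSA generator's workflows are documented as requiring a tag reference rather than a SHA, which breaks provenance verification; if the preset does not, the `# v2.0.0` SHA pins this same commit adds to the four workflows will never be refreshed. If this repository still calls the generator, keep the exception locally: `{ "matchManagers": ["github-actions"], "matchPackageNames": ["slsa-framework/slsa-github-generator"], "pinDigests": false }`. Whether the preset pins digests, and whether the generator is still referenced, is not visible in this diff.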