diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index ceb6d1f3ba..f78bf56c40 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -20,37 +20,12 @@ permissions:
   contents: read
 
 jobs:
-  analyze:
+  codeql:
     permissions:
       packages: read
       actions: read # for github/codeql-action/init to get workflow details
       contents: read # for actions/checkout to fetch code
       security-events: write # for github/codeql-action/autobuild to send a status report
-    name: Analyze (${{ matrix.language }})
-    runs-on: ubuntu-24.04
-
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - language: go
-            build-mode: autobuild
-          - language: javascript-typescript
-            build-mode: none
-
-    steps:
-      - name: Checkout repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      # Initializes the CodeQL tools for scanning.
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
-        with:
-          languages: ${{ matrix.language }}
-          build-mode: ${{ matrix.build-mode }}
-          queries: security-and-quality
-
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@60168efe1c415ce0f5521ea06d5c2062adbeed1b # v3.28.17
-        with:
-          category: "/language:${{matrix.language}}"
+    uses: nginxinc/compliance-rules/.github/workflows/codeql.yml@v0.1
+    with:
+      requested_languages: go,javascript-typescript
diff --git a/.github/workflows/mend.yml b/.github/workflows/mend.yml
index 9add0c4e87..13c7055881 100644
--- a/.github/workflows/mend.yml
+++ b/.github/workflows/mend.yml
@@ -4,6 +4,7 @@ on:
   push:
     branches:
       - main
+      - release-*
     tags:
       - "v[0-9]+.[0-9]+.[0-9]+*"
     paths-ignore:
@@ -11,6 +12,15 @@ on:
       - deploy**
       - docs/**
       - examples/**
+  pull_request:
+    branches:
+      - main
+      - release-*
+    paths-ignore:
+      - design/**
+      - deploy**
+      - docs/**
+      - examples/**
 
 concurrency:
   group: ${{ github.ref_name }}-mend
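Review bot: The reusable workflow on the new `uses:` line is referenced by the mutable tag `@v0.1`, whereas every action pin it replaces was a full commit SHA with a version comment; anyone able to move that tag in nginxinc/compliance-rules then controls a job that holds `security-events: write` here, and the same line shape in mend.yml additionally receives `secrets: inherit`. Pin both callers to a commit, e.g. `uses: nginxinc/compliance-rules/.github/workflows/codeql.yml@<full-commit-sha> # v0.1`, so the existing SHA-bump tooling can track it like the other actions. Whether the called workflow still applies `queries: security-and-quality` and a per-language `category` cannot be seen from this hunk; a one-line comment above `uses:` naming where that configuration now lives would save the next reader a trip to the other repository.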
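Review bot: The new `pull_request` trigger makes the scan job (the hunk starting at old line 20) run for pull requests as well, but its existing `if: ${{ github.event.repository.fork == false }}` guard only excludes runs inside a forked repository, not PRs whose head branch lives in a fork; for those GitHub withholds secrets, so the upload would presumably fail rather than be skipped. If fork PRs are not meant to be scanned, extend the guard, e.g. `if: ${{ github.event.repository.fork == false && github.event.pull_request.head.repo.fork != true }}`, and confirm the expression against the payload the reusable workflow sees.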
@@ -20,22 +30,10 @@ permissions:
   contents: read
 
 jobs:
-  scan:
-    name: Mend
-    runs-on: ubuntu-24.04
+  mend:
     if: ${{ github.event.repository.fork == false }}
-    steps:
-      - name: Checkout Repository
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-
-      - name: Download agent
-        run: curl -LJO https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar
-
-      - name: Verify JAR
-        run: jarsigner -verify wss-unified-agent.jar
-
-      - name: Scan and upload
-        env:
-          PRODUCT_NAME: nginx-gateway-fabric_${{ github.ref_name }}
-          PROJECT_NAME: nginx-gateway-fabric
-        run: java -jar wss-unified-agent.jar -noConfig true -wss.url ${{ secrets.WSS_URL }} -apiKey ${{ secrets.WSS_NGINX_TOKEN }} -product $PRODUCT_NAME -project $PROJECT_NAME -d .
+    uses: nginxinc/compliance-rules/.github/workflows/mend.yml@v0.1
+    secrets: inherit
+    with:
+      product_name: nginx-gateway-fabric_${{ github.ref_name }}
+      project_name: nginx-gateway-fabric
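Review bot: `secrets: inherit` on the new `mend` job hands every repository and organization secret to the external reusable workflow, while the removed `run:` step used only `secrets.WSS_URL` and `secrets.WSS_NGINX_TOKEN`. Passing just those two explicitly keeps the exposure unchanged even if the `@v0.1` tag is ever repointed; the input names the called workflow expects are not visible here, so check them against nginxinc/compliance-rules before adopting, e.g. `secrets:` / `  WSS_URL: ${{ secrets.WSS_URL }}` / `  WSS_NGINX_TOKEN: ${{ secrets.WSS_NGINX_TOKEN }}`. The `if:` guard that survives as context is now the only thing between a pull-request run and this job, so it is worth a short comment stating which events it is meant to exclude.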