diff --git a/README.md b/README.md
index a1345025..03e2f7c7 100644
--- a/README.md
+++ b/README.md
@@ -75,6 +75,7 @@ The config file has the following sections:
 * [golang](#golang)
 * [golangciLint](#golangcilint)
 * [goReleaser](#goreleaser)
+* [license](#license)
 * [makefile](#makefile)
 * [metadata](#metadata)
 * [nix](#nix)
@@ -289,6 +290,28 @@ The `nameTemplate` option can be used to change the name of uploaded release art
 
 The `files` option can be used to add extra files. For backwards compatibility it defaults to `[ CHANGELOG.md, LICENSE, README.md ]`.
 
+### `license`
+
+```yaml
+license:
+  addHeaders: true
+  checkDependencies: true
+  copyright: 'SAP SE or an SAP affiliate company'
+  spdx: Apache-2.0
+```
+
+`license` contains settings related to the license of the project and specifically license header generation.
+
+`addHeaders` controls whether license headers are added and checked in source files.
+
+`checkDependencies` controls whether dependency licenses are checked for compliance.
+
+`copyright` is the text to be used in the copyright line of the license header.
+
+`spdx` is the SPDX short identifier of the license to be used in the license header.
+
+In SAP Cloud Infrastructure projects all checks are enabled by default and the copyright and SPDX identifier are prefilled accordingly.
+
 ### `makefile`
 
 ```yaml
@@ -402,7 +425,7 @@ customManagers:
 
 ```yaml
 reuse:
-  enabled: false
+  enabled: true
   annotations:
     - paths:
         - internal/**/fixtures/*.json
@@ -574,26 +597,23 @@ This workflow:
 * checks your code using `golangci-lint`
 * ensures that your code compiles successfully
 * runs tests and generates test coverage report
-* uploads the test coverage report to [Coveralls]
 
 ```yaml
-ci:
-  enabled: true
-  runOn:
-    - macos-latest
-    - ubuntu-latest
-    - windows-latest
-  coveralls: true
-  prepareMakeTarget: generate
-  ignorePaths: []
+githubWorkflow:
+  ci:
+    enabled: true
+    runOn:
+      - macos-latest
+      - ubuntu-latest
+      - windows-latest
+    prepareMakeTarget: generate
+    ignorePaths: []
 ```
 
 `runOn` specifies a list of machine(s) to run the `build` and `test` jobs on ([more info][ref-runs-on]).
 You can use this to ensure that your build compilation and tests are
 successful on multiple operating systems. Default value for this is `ubuntu-latest`.
 
-If `coveralls` is `true` then your test coverage report will be uploaded to [Coveralls]. Make sure that you have enabled Coveralls for your GitHub repo beforehand.
-
 `ignorePaths` specifies a list of filename patterns. Workflows will not trigger if a path
 name matches a pattern in this list. [More info][ref-onpushpull] and [filter pattern cheat
 sheet][ref-pattern-cheat-sheet]. This option is not defined by default.
@@ -610,14 +630,15 @@ This is intended for use with `github.com/sapcc/go-bits/easypg`, which can launc
 If `enabled` is set to true, the generated `Dockerfile` is built for the platforms `linux/amd64` and `linux/arm64` and pushed to the repository path under `ghcr.io`.
 
 ```yaml
-pushContainerToGhcr:
-  enabled: true
-  platforms: "linux/amd64,linux/arm64"
-  tagStrategy:
-    - edge
-    - latest
-    - semver
-    - sha
+githubWorkflow:
+  pushContainerToGhcr:
+    enabled: true
+    platforms: "linux/amd64,linux/arm64"
+    tagStrategy:
+      - edge
+      - latest
+      - semver
+      - sha
 ```
 
 `platforms` configures for which platforms the multi-arch docker image is built. Defaults to `linux/amd64`. Note: emulation is provided by qemu and might take significant time.
@@ -650,9 +671,10 @@ If `securityChecks` is enabled then it will generate the following workflows:
   It uses the [Go Vulnerability Database](https://pkg.go.dev/vuln/) as a source.
 
 ```yaml
-securityChecks:
-  enabled: true
-  queries: security-extended
+githubWorkflow:
+  securityChecks:
+    enabled: true
+    queries: security-extended
 ```
 
 `queries` is passed through to the GitHub Action. See the [GitHub Documentation](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#working-with-custom-configuration-files) for more information.
@@ -663,10 +685,11 @@ This workflow uses [`addlicense`][addlicense] to ensure that all your Go source
 If vendoring is enabled, the `vendor/` directory is always entirely ignored by this workflow.
 
 ```yaml
-license:
-  enabled: true
-  ignorePatterns:
-    - "vendor/**"
+githubWorkflow:
+  license:
+    enabled: true
+    ignorePatterns:
+      - "vendor/**"
 ```
 
 `ignorePatterns` specifies a list of file patterns to check. You can use any pattern
@@ -675,7 +698,6 @@ license:
 **Hint**: You can also use `addlicense` to add license headers to all unignored Go files by running `make license-headers`. The copyright text used is customizable by setting `license.copyright` in the `Makefile.maker.yaml` file.
 
 [codeql]: https://codeql.github.com/
-[coveralls]: https://coveralls.io
 [doublestar-pattern]: https://github.com/bmatcuk/doublestar#patterns
 [go-licence-detector]: https://github.com/elastic/go-licence-detector
 [govulncheck]: https://github.com/golang/vuln
diff --git a/internal/core/config.go b/internal/core/config.go
index 2e31a951..840ea5dc 100644
--- a/internal/core/config.go
+++ b/internal/core/config.go
@@ -156,7 +156,6 @@ type GithubWorkflowConfiguration struct {
 // CIWorkflowConfig appears in type Configuration.
 type CIWorkflowConfig struct {
 	Enabled           bool     `yaml:"enabled"`
-	Coveralls         bool     `yaml:"coveralls"`
 	PrepareMakeTarget string   `yaml:"prepareMakeTarget"`
 	IgnorePaths       []string `yaml:"ignorePaths"`
 	RunsOn            []string `yaml:"runOn"`
@@ -256,7 +255,10 @@ type ControllerGen struct {
 }
 
 type LicenseConfig struct {
-	Copyright Option[string] `yaml:"copyright"`
+	AddHeaders        Option[bool]   `yaml:"addHeaders"`
+	CheckDependencies Option[bool]   `yaml:"checkDependencies"`
+	Copyright         Option[string] `yaml:"copyright"`
+	SPDX              Option[string] `yaml:"spdx"`
 }
 
 type MakefileConfig struct {
@@ -273,6 +275,7 @@ func (m Metadata) IsSAPProject() bool {
 	return strings.HasPrefix(m.URL, "https://github.com/sapcc/") ||
 		strings.HasPrefix(m.URL, "https://github.com/SAP-cloud-infrastructure/") ||
 		strings.HasPrefix(m.URL, "https://github.com/cobaltcore-dev/") ||
+		strings.HasPrefix(m.URL, "https://github.com/cloudoperators/") ||
 		strings.HasPrefix(m.URL, "https://github.com/ironcore-dev/") ||
 		strings.HasPrefix(m.URL, "https://github.wdf.sap.corp/") ||
 		strings.HasPrefix(m.URL, "https://github.tools.sap/")
diff --git a/internal/makefile/makefile.go b/internal/makefile/makefile.go
index 20d377e7..9a7c1b47 100644
--- a/internal/makefile/makefile.go
+++ b/internal/makefile/makefile.go
@@ -35,6 +35,12 @@ func newMakefile(cfg core.Configuration, sr golang.ScanResult) *makefile {
 	runControllerGen := cfg.ControllerGen.Enabled.UnwrapOr(sr.KubernetesController)
 	// TODO: checking on GoVersion is only an aid until we can properly detect rust applications
 	isGolang := sr.GoVersion != ""
+
+	if !strings.HasPrefix(cfg.Metadata.URL, "https://") {
+		logg.Error("The option metadata.url should always start with https://, eg: https://github.com/sapcc/go-makefile-maker")
+		logg.Error("Some defaults or usages of the metadata might not work correctly")
+	}
+
 	isSAPCC := cfg.Metadata.IsSAPProject()
 
 	///////////////////////////////////////////////////////////////////////////
@@ -135,16 +141,16 @@ endif
 		prepareStaticRecipe = append(prepareStaticRecipe, "install-shellcheck")
 	}
 
-	if isSAPCC {
-		if isGolang {
-			prepare.addRule(rule{
-				description: "Install-go-licence-detector required by check-dependency-licenses/static-check",
-				phony:       true,
-				target:      "install-go-licence-detector",
-				recipe:      installTool("go-licence-detector", "go.elastic.co/go-licence-detector@latest"),
-			})
-			prepareStaticRecipe = append(prepareStaticRecipe, "install-go-licence-detector")
-		}
+	if isGolang && (cfg.License.AddHeaders.UnwrapOr(isSAPCC) || cfg.License.CheckDependencies.UnwrapOr(isSAPCC)) {
+		prepare.addRule(rule{
+			description: "Install-go-licence-detector required by check-dependency-licenses/static-check",
+			phony:       true,
+			target:      "install-go-licence-detector",
+			recipe:      installTool("go-licence-detector", "go.elastic.co/go-licence-detector@latest"),
+		})
+		prepareStaticRecipe = append(prepareStaticRecipe, "install-go-licence-detector")
+	}
+	if cfg.License.AddHeaders.UnwrapOr(isSAPCC) {
 		prepare.addRule(rule{
 			description: "Install addlicense required by check-license-headers/license-headers/static-check",
 			phony:       true,
@@ -490,7 +496,7 @@ endif
 		allSourceFilesExpr = `$(shell find -name *.rs)`
 	}
 
-	if isSAPCC {
+	if cfg.License.AddHeaders.UnwrapOr(isSAPCC) {
 		var ignoreOptions []string
 		if cfg.GitHubWorkflow != nil {
 			for _, pattern := range cfg.GitHubWorkflow.License.IgnorePatterns {
@@ -592,25 +598,13 @@ endif
 		}
 	}
 
+	staticCheckPrerequisites := []string{"run-shellcheck"}
 	if isGolang {
 		// add target for static code checks
-		staticCheckPrerequisites := []string{"run-shellcheck", "run-golangci-lint", "run-modernize"}
-		if isSAPCC {
-			staticCheckPrerequisites = append(staticCheckPrerequisites, "check-dependency-licenses", "check-license-headers")
+		staticCheckPrerequisites = append(staticCheckPrerequisites, "run-golangci-lint", "run-modernize")
+		if cfg.License.CheckDependencies.UnwrapOr(isSAPCC) {
+			staticCheckPrerequisites = append(staticCheckPrerequisites, "check-dependency-licenses")
 		}
-		test.addRule(rule{
-			description:   "Run static code checks (internal option to enforce --keep-going)",
-			phony:         true,
-			target:        "__static-check",
-			hideTarget:    true,
-			prerequisites: staticCheckPrerequisites,
-		})
-		test.addRule(rule{
-			description: "Run static code checks",
-			phony:       true,
-			target:      "static-check",
-			recipe:      []string{`@$(MAKE) --keep-going --no-print-directory __static-check`},
-		})
 
 		dev.addRule(rule{
 			description:   "Run goimports on all non-vendored .go files",
@@ -635,6 +629,24 @@ endif
 		})
 	}
 
+	if cfg.License.AddHeaders.UnwrapOr(isSAPCC) {
+		staticCheckPrerequisites = append(staticCheckPrerequisites, "check-license-headers")
+	}
+
+	test.addRule(rule{
+		description:   "Run static code checks (internal option to enforce --keep-going)",
+		phony:         true,
+		target:        "__static-check",
+		hideTarget:    true,
+		prerequisites: staticCheckPrerequisites,
+	})
+	test.addRule(rule{
+		description: "Run static code checks",
+		phony:       true,
+		target:      "static-check",
+		recipe:      []string{`@$(MAKE) --keep-going --no-print-directory __static-check`},
+	})
+
 	// add cleaning target
 	dev.addRule(rule{
 		description: "Run git clean.",
diff --git a/main.go b/main.go
index d31aace6..cfb69892 100644
--- a/main.go
+++ b/main.go
@@ -51,7 +51,8 @@ func main() {
 	must.Succeed(file.Close())
 	cfg.Validate()
 
-	if cfg.GitHubWorkflow != nil && !strings.HasPrefix(cfg.Metadata.URL, "https://github.com/") {
+	// The github.com/ prefix is just a safeguard to avoid false positives when the metadata.url is not complete.
+	if cfg.GitHubWorkflow != nil && !strings.Contains(cfg.Metadata.URL, "github.com/") {
 		cfg.GitHubWorkflow.IsSelfHostedRunner = true
 		if strings.Contains(cfg.Metadata.URL, "/sap-cloud-infrastructure/") {
 			cfg.GitHubWorkflow.IsSugarRunner = true
@@ -112,9 +113,6 @@ func main() {
 	// Render GitHub workflows
 	if cfg.GitHubWorkflow != nil {
 		logg.Debug("rendering GitHub Actions workflows")
-		if cfg.GitHubWorkflow.CI.Coveralls {
-			logg.Fatal("Coveralls support has been removed, please remove it from your Makefile.maker.yaml")
-		}
 		ghworkflow.Render(cfg, sr)
 	}