diff --git a/.github/workflows/build-on-pull-request.yml b/.github/workflows/build-on-pull-request.yml
index 9088e55..aa45bf5 100644
--- a/.github/workflows/build-on-pull-request.yml
+++ b/.github/workflows/build-on-pull-request.yml
@@ -3,10 +3,36 @@ on:
   pull_request:
     branches: [master]
 jobs:
+  #  sast-scan:
+  #    runs-on: ubuntu-latest
+  #    # Skip any PR created by dependabot to avoid permission issues:
+  #    if: (github.actor != 'dependabot[bot]')
+  #    steps:
+  #      - uses: actions/checkout@v5
+  #      - uses: actions/setup-node@v4
+  #        with:
+  #          node-version: "22"
+  #      - run: npm install -g snyk
+  #      - run: snyk config set api=${{ secrets.SNYK_API_KEY }}
+  #      - run: snyk code test src/main
+  malware-scan:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - name: Malware Scanner # https://github.com/dell/common-github-actions/blob/main/malware-scanner/README.md
+        uses: dell/common-github-actions/malware-scanner@main
+        with:
+          directories: .
+          options: -ri
   build-and-test:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v5
+      - name: Malware Scanner # https://github.com/dell/common-github-actions/blob/main/malware-scanner/README.md
+        uses: dell/common-github-actions/malware-scanner@main
+        with:
+          directories: .
+          options: -ri
       - name: Set up JDK 8 for x64
         uses: actions/setup-java@v4
         with:
@@ -14,8 +40,3 @@ jobs:
           distribution: "temurin"
           architecture: x64
       - run: mvn package -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true
-      - run: mkdir staging && cp target/*.jar staging
-      - uses: actions/upload-artifact@v4
-        with:
-          name: Package
-          path: staging
diff --git a/.github/workflows/build-on-release.yml b/.github/workflows/build-on-release.yml
new file mode 100644
index 0000000..dca0304
--- /dev/null
+++ b/.github/workflows/build-on-release.yml
@@ -0,0 +1,26 @@
+name: build and test on release
+on:
+  push:
+    tags:
+      - "*"
+jobs:
+  build-and-test:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v5
+      - name: Set up JDK 8 for x64
+        uses: actions/setup-java@v4
+        with:
+          java-version: "8"
+          distribution: "temurin"
+          architecture: x64
+      - run: mvn package -Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true
+      - name: "upload release assets"
+        uses: softprops/action-gh-release@cd28b0f5ee8571b76cfdaa62a30d51d752317477 #https://github.com/softprops/action-gh-release/issues/216
+        if: github.ref_type == 'tag'
+        with:
+          body: |
+            :closed_book: File 1 of 1 uploaded: junit-xml-merger.jar
+          files: |
+            target/junit-xml-merger.jar
+          append_body: true