diff --git a/.deepsource.toml b/.deepsource.toml
deleted file mode 100644
index 4f240cc9a6..0000000000
--- a/.deepsource.toml
+++ /dev/null
@@ -1,33 +0,0 @@
-version = 1
-exclude_patterns = [
-  "docs/docs/javascripts/**",      # Docs: Helpers
-  "docs/ci/**",                    # Docs: CI
-  "InvenTree/InvenTree/static/**", # Backend: CUI static files
-  "ci/**",                         # Backend: CI
-  "InvenTree/**/migrations/*.py",  # Backend: Migration files
-  "src/frontend/src/locales/**",   # Frontend: Translations
-]
-test_patterns = ["**/test_*.py", "**/test.py", "**/tests.py"]
-
-
-[[analyzers]]
-name = "shell"
-
-[[analyzers]]
-name = "javascript"
-
-[analyzers.meta]
-plugins = ["react"]
-
-[[analyzers]]
-name = "python"
-
-[analyzers.meta]
-runtime_version = "3.x.x"
-
-[[analyzers]]
-name = "docker"
-
-[[analyzers]]
-name = "test-coverage"
-enabled = false
diff --git a/.github/workflows/docker.yaml b/.github/workflows/docker.yaml
index 3675e382bf..679fdf1d8b 100644
--- a/.github/workflows/docker.yaml
+++ b/.github/workflows/docker.yaml
@@ -76,8 +76,8 @@ jobs:
           python-version: ${{ env.python_version }}
       - name: Version Check
         run: |
-          pip install requests
-          pip install pyyaml
+          pip install requests==2.31.0
+          pip install pyyaml==6.0.1
           python3 ci/version_check.py
           echo "git_commit_hash=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
           echo "git_commit_date=$(git show -s --format=%ci)" >> $GITHUB_ENV
diff --git a/.github/workflows/qc_checks.yaml b/.github/workflows/qc_checks.yaml
index 78fe5b497d..f915b4c197 100644
--- a/.github/workflows/qc_checks.yaml
+++ b/.github/workflows/qc_checks.yaml
@@ -92,7 +92,7 @@ jobs:
         uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # pin@v3.0.1
       - name: Check Version
         run: |
-          pip install requests
+          pip install requests==2.31.0
           python3 ci/version_check.py
 
   mkdocs:
@@ -110,7 +110,7 @@ jobs:
           python-version: ${{ env.python_version }}
       - name: Check Config
         run: |
-          pip install pyyaml
+          pip install pyyaml==6.0.1
           pip install -r docs/requirements.txt
           python docs/ci/check_mkdocs_config.py
       - name: Check Links
@@ -156,7 +156,7 @@ jobs:
       - name: Download public schema
         if: needs.paths-filter.outputs.api == 'false'
         run: |
-          pip install requests >/dev/null 2>&1
+          pip install requests==2.31.0 >/dev/null 2>&1
           version="$(python3 ci/version_check.py only_version 2>&1)"
           echo "Version: $version"
           url="https://raw.githubusercontent.com/inventree/schema/main/export/${version}/api.yaml"
@@ -175,7 +175,7 @@ jobs:
         id: version
         if: github.ref == 'refs/heads/master' && needs.paths-filter.outputs.api == 'true'
         run: |
-          pip install requests >/dev/null 2>&1
+          pip install requests==2.31.0 >/dev/null 2>&1
           version="$(python3 ci/version_check.py only_version 2>&1)"
           echo "Version: $version"
           echo "version=$version" >> "$GITHUB_OUTPUT"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ca751d0aac..1e787f1dd5 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -19,7 +19,7 @@ jobs:
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # pin@v4.1.1
       - name: Version Check
         run: |
-          pip install requests
+          pip install requests==2.31.0
           python3 ci/version_check.py
       - name: Push to Stable Branch
         uses: ad-m/github-push-action@d91a481090679876dfc4178fef17f286781251df # pin@v0.8.0
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 371e0f0299..8d69fcf44a 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -54,7 +54,7 @@ jobs:
           # For private repositories:
           #   - `publish_results` will always be set to `false`, regardless
           #     of the value entered here.
-          publish_results: false
+          publish_results: true
 
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
diff --git a/.github/workflows/translations.yml b/.github/workflows/translations.yml
index bdafd8cac3..b719fa8a67 100644
--- a/.github/workflows/translations.yml
+++ b/.github/workflows/translations.yml
@@ -10,12 +10,14 @@ env:
   node_version: 18
 
 permissions:
-  contents: write
+  contents: read
 
 jobs:
   build:
 
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
 
     env:
       GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.sonarcloud.properties b/.sonarcloud.properties
new file mode 100644
index 0000000000..d8f6b37398
--- /dev/null
+++ b/.sonarcloud.properties
@@ -0,0 +1,11 @@
+# Path to sources
+sonar.sources=InvenTree,src,docs
+
+# Path to tests
+sonar.tests=**/test*.py
+#sonar.test.exclusions=
+#sonar.test.inclusions=
+
+# Source encoding
+sonar.sourceEncoding=UTF-8
+sonar.python.version=3.9
diff --git a/Dockerfile b/Dockerfile
index 690d3c0907..20898ee355 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -102,7 +102,7 @@ RUN ./install_build_packages.sh --no-cache --virtual .build-deps && \
 # Frontend builder image:
 FROM prebuild AS frontend
 
-RUN apk add --no-cache --update nodejs npm && npm install -g yarn
+RUN apk add --no-cache --update nodejs npm && npm install -g yarn@v1.22.22
 RUN yarn config set network-timeout 600000 -g
 COPY InvenTree ${INVENTREE_HOME}/InvenTree
 COPY src ${INVENTREE_HOME}/src
@@ -139,11 +139,11 @@ EXPOSE 5173
 # Install packages required for building python packages
 RUN ./install_build_packages.sh
 
-RUN pip install uv --no-cache-dir && pip install -r base_requirements.txt --no-cache
+RUN pip install uv==0.1.26 --no-cache-dir && pip install -r base_requirements.txt --no-cache
 
 # Install nodejs / npm / yarn
 
-RUN apk add --no-cache --update nodejs npm && npm install -g yarn
+RUN apk add --no-cache --update nodejs npm && npm install -g yarn@v1.22.22
 RUN yarn config set network-timeout 600000 -g
 
 # The development image requires the source code to be mounted to /home/inventree/
diff --git a/README.md b/README.md
index 4f3786e266..e0a0202638 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,7 @@
 [![OpenSSF Best Practices](https://bestpractices.coreinfrastructure.org/projects/7179/badge)](https://bestpractices.coreinfrastructure.org/projects/7179)
 [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/inventree/InvenTree/badge)](https://securityscorecards.dev/viewer/?uri=github.com/inventree/InvenTree)
 [![Netlify Status](https://api.netlify.com/api/v1/badges/9bbb2101-0a4d-41e7-ad56-b63fb6053094/deploy-status)](https://app.netlify.com/sites/inventree/deploys)
-[![DeepSource](https://app.deepsource.com/gh/inventree/InvenTree.svg/?label=active+issues&show_trend=false&token=trZWqixKLk2t-RXtpSIAslVJ)](https://app.deepsource.com/gh/inventree/InvenTree/)
+[![Maintainability Rating](https://sonarcloud.io/api/project_badges/measure?project=inventree_InvenTree&metric=sqale_rating)](https://sonarcloud.io/summary/new_code?id=inventree_InvenTree)
 
 [![Coveralls](https://img.shields.io/coveralls/github/inventree/InvenTree)](https://coveralls.io/github/inventree/InvenTree)
 [![Crowdin](https://badges.crowdin.net/inventree/localized.svg)](https://crowdin.com/project/inventree)
diff --git a/contrib/packager.io/functions.sh b/contrib/packager.io/functions.sh
index 97dbd71027..5b74029b9d 100755
--- a/contrib/packager.io/functions.sh
+++ b/contrib/packager.io/functions.sh
@@ -90,7 +90,7 @@ function detect_envs() {
     echo "# Using existing config file: ${INVENTREE_CONFIG_FILE}"
 
     # Install parser
-    pip install jc -q
+    pip install jc==1.25.2 -q
 
     # Load config
     local CONF=$(cat ${INVENTREE_CONFIG_FILE} | jc --yaml)