diff --git a/.github/actions/install-common-dependencies/action.yml b/.github/actions/install-common-dependencies/action.yml
index 1ab89c97dc6..bc8f04e02f5 100644
--- a/.github/actions/install-common-dependencies/action.yml
+++ b/.github/actions/install-common-dependencies/action.yml
@@ -4,6 +4,20 @@ description: 'Install common dependencies for the project'
 runs:
   using: 'composite'
   steps:
+    - name: Vault
+      id: artifactory-secrets
+      uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # v3.1.0
+      with:
+        secrets: |
+          development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN;
+    - name: Configure npm
+      shell: bash
+      env:
+        ARTIFACTORY_URL: https://repox.jfrog.io
+        ARTIFACTORY_ACCESS_TOKEN: ${{ fromJSON(steps.artifactory-secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
+      run: |
+        npm config set registry "$ARTIFACTORY_URL/api/npm/npm"
+        npm config set "${ARTIFACTORY_URL//https:}/api/npm/:_authToken=$ARTIFACTORY_ACCESS_TOKEN"
     - uses: jdx/mise-action@be3be2260bc02bc3fbf94c5e2fed8b7964baf074 # v3.4.0
       env:
         MISE_PYTHON_DEFAULT_PACKAGES_FILE: ${{ github.workspace }}/ci/mise-default-python-packages
@@ -12,5 +26,5 @@ runs:
     - name: Setup asciidoctor
       shell: bash
       run: |
-        sudo gem install asciidoctor
+        sudo gem install asciidoctor -v 2.0.26
         asciidoctor --version
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 252fdf1f249..d8b9dae4cf6 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -148,7 +148,7 @@ jobs:
       id-token: write
       contents: write
     steps:
-      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           fetch-depth: 0
       - name: Install common dependencies
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 0b4829b9f93..da25a33f142 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -15,11 +15,26 @@ jobs:
       contents: write # Get the contents of open new-rule PRs, the 'master' with updated-coverage from 'dogfood-automerge'; write to 'gh-pages' branch
     steps:
       - name: Checkout 🛎️
-        uses: actions/checkout@v4 # If you're using actions/checkout you must set persist-credentials to false in most cases for the deployment to work correctly.
+        uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
         with:
           persist-credentials: false
           ref: 'dogfood-automerge'
 
+      - name: Vault
+        id: secrets
+        uses: SonarSource/vault-action-wrapper@320bd31b03e5dacaac6be51bbbb15adf7caccc32 # v3.1.0
+        with:
+          secrets: |
+            development/artifactory/token/{REPO_OWNER_NAME_DASH}-private-reader access_token | ARTIFACTORY_ACCESS_TOKEN;
+
+      - name: Configure npm
+        env:
+          ARTIFACTORY_URL: https://repox.jfrog.io
+          ARTIFACTORY_ACCESS_TOKEN: ${{ fromJSON(steps.secrets.outputs.vault).ARTIFACTORY_ACCESS_TOKEN }}
+        run: |
+          npm config set registry "$ARTIFACTORY_URL/api/npm/npm"
+          npm config set "${ARTIFACTORY_URL//https:}/api/npm/:_authToken=$ARTIFACTORY_ACCESS_TOKEN"
+
       - name: Install and Build 🔧 # This example project is built using npm and outputs the result to the 'build' folder. Replace with the commands required to build your project, or remove this step entirely if your site is pre-built.
         working-directory: frontend
         run: |