diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index cc46f0f70..be7d1f2de 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -116,7 +116,6 @@ jobs:
 kosli_api_token: ${{ secrets.KOSLI_API_TOKEN }}
- # OIDC fails because this is not a composite workflow
 snyk-container-scan:
 needs: [build-image]
 uses: cyber-dojo/live-snyk-scans/.github/workflows/artifact_snyk_test.yml@main
@@ -129,6 +128,8 @@ jobs:
 raw_snyk_policy_url: https://raw.githubusercontent.com/cyber-dojo/${{github.event.repository.name}}/${{github.sha}}/.snyk
 aws_rolename: gh_actions_services
 kosli_env: ${{vars.KOSLI_AWS_BETA}}
+ kosli_flow: ${{vars.KOSLI_FLOW}}
+ kosli_cat: ${{vars.KOSLI_AWS_BETA}}-synk-vuln-ages
 secrets:
 snyk_token: ${{secrets.SNYK_TOKEN}}
 kosli_api_token: ${{secrets.KOSLI_API_TOKEN}}
diff --git a/.kosli.yml b/.kosli.yml
index 7510fec93..179628c2d 100644
--- a/.kosli.yml
+++ b/.kosli.yml
@@ -6,7 +6,7 @@ trail:
 type: pull_request
 # artifacts:
- # - name: saver
+ # - name: artifact
 # attestations:
- # - name: snyk-container-scan
- # type: snyk
\ No newline at end of file
+ # - name: VULN-NAME
+ # type: aws-snyk-vuln-ages
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index ba4700223..ed588f7d9 100644
--- a/Dockerfile
+++ b/Dockerfile
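Review bot: In the second `.github/workflows/main.yml` hunk the new input `kosli_cat: ${{vars.KOSLI_AWS_BETA}}-synk-vuln-ages` spells the suffix `synk`, while the attestation type written into `.kosli.yml` by this same commit is `aws-snyk-vuln-ages`. If the called workflow uses this value to look up a Kosli custom attestation type, the mismatch would probably make the attestation fail or be recorded under an unintended name, so I would expect `kosli_cat: ${{vars.KOSLI_AWS_BETA}}-snyk-vuln-ages` unless the type really was registered with the `synk` spelling. Separately, the job that receives these inputs and the `snyk_token` / `kosli_api_token` secrets calls `artifact_snyk_test.yml@main` (visible as context in the first hunk); pinning that reusable workflow to a full commit SHA would keep a later change on its `main` branch from running with those secrets unreviewed. The job's input list starts above this hunk.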
@@ -2,13 +2,13 @@ FROM cyberdojo/web-base:8a409cd@sha256:d8fda7714933d9312720f01244c8de8bce8fdfbf4
 # The FROM statement above is typically set via an automated pull-request from the web-base repo
 LABEL maintainer=jon@jaggersoft.com
-RUN apk add --upgrade c-ares=1.34.6-r0 # https://security.snyk.io/vuln/SNYK-ALPINE322-CARES-14409293
-RUN apk add --upgrade libexpat=2.7.4-r0 # https://security.snyk.io/vuln/SNYK-ALPINE321-EXPAT-13003711
-RUN apk upgrade musl # https://security.snyk.io/vuln/SNYK-ALPINE320-MUSL-8720638
-RUN apk upgrade libcrypto3 libssl3 # https://security.snyk.io/vuln/SNYK-ALPINE322-OPENSSL-13174133
-RUN apk upgrade busybox # https://security.snyk.io/vuln/SNYK-ALPINE321-BUSYBOX-14102399
-RUN apk upgrade git # https://security.snyk.io/vuln/SNYK-ALPINE320-GIT-10669667
-RUN apk upgrade curl # https://security.snyk.io/vuln/SNYK-ALPINE321-CURL-13277278
+#RUN apk add --upgrade c-ares=1.34.6-r0 # https://security.snyk.io/vuln/SNYK-ALPINE322-CARES-14409293
+#RUN apk add --upgrade libexpat=2.7.4-r0 # https://security.snyk.io/vuln/SNYK-ALPINE321-EXPAT-13003711
+#RUN apk upgrade musl # https://security.snyk.io/vuln/SNYK-ALPINE320-MUSL-8720638
+#RUN apk upgrade libcrypto3 libssl3 # https://security.snyk.io/vuln/SNYK-ALPINE322-OPENSSL-13174133
+#RUN apk upgrade busybox # https://security.snyk.io/vuln/SNYK-ALPINE321-BUSYBOX-14102399
+#RUN apk upgrade git # https://security.snyk.io/vuln/SNYK-ALPINE320-GIT-10669667
+#RUN apk upgrade curl # https://security.snyk.io/vuln/SNYK-ALPINE321-CURL-13277278
 ARG COMMIT_SHA
 ENV SHA=${COMMIT_SHA}
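Review bot: Commenting out all seven `apk` upgrade lines removes the only remediation visible in this Dockerfile for the linked Snyk advisories (c-ares, libexpat, musl, OpenSSL, busybox, git, curl), and nothing in the hunk says why or for how long. Unless the pinned `cyberdojo/web-base` digest already ships the fixed packages, the built image will presumably carry those findings again. If this is deliberate, for instance to exercise the new vuln-ages attestation, a comment above the block should record it, e.g. `# Upgrades disabled temporarily to exercise the snyk vuln-ages attestation; restore before release`. If the base image now contains the fixes, deleting the lines is cleaner than keeping dead instructions that read like active mitigations.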