diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 6bd5a18..2851b15 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -3,22 +3,21 @@
 # separate terms of service, privacy policy, and support
 # documentation.
 
-# This workflow checks out code, performs a Codacy security scan
-# and integrates the results with the
-# GitHub Advanced Security code scanning feature.  For more information on
-# the Codacy security scan action usage and parameters, see
-# https://github.com/codacy/codacy-analysis-cli-action.
+# This workflow checks out code, runs tests, generates a coverage report,
+# performs a Codacy security scan, and integrates the results with GitHub
+# Advanced Security for code scanning. For more information on the Codacy
+# security scan action usage and parameters, see
+# https://github.com/codacy/codacy-coverage-reporter-action.
 # For more information on Codacy Analysis CLI in general, see
-# https://github.com/codacy/codacy-analysis-cli.
+# https://github.com/codacy/codacy-coverage-reporter-action.
 
-name: Codacy Security Scan
+name: Codacy
 
 on:
   push:
-    branches: [ "main" ]
+    branches: [ main ]
   pull_request:
-    # The branches below must be a subset of the branches above
-    branches: [ "main" ]
+    branches: [ main ]
   schedule:
     - cron: '43 23 * * 5'
 
@@ -28,34 +27,63 @@ permissions:
 jobs:
   codacy-security-scan:
     permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+      contents: read
+      security-events: write
+      actions: read
     name: Codacy Security Scan
     runs-on: ubuntu-latest
     steps:
-      # Checkout the repository to the GitHub Actions runner
       - name: Checkout code
         uses: actions/checkout@v4
 
-      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
-      - name: Run Codacy Analysis CLI
-        uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
+      - name: Install Codacy Analysis CLI
+        run: |
+          sudo apt-get update && sudo apt-get install -y curl make
+          curl -L https://github.com/codacy/codacy-analysis-cli/releases/download/3.0.0/codacy-analysis-cli-3.0.0-linux-x86_64.tar.gz --output codacy-analysis-cli.tar.gz
+          tar xvzf codacy-analysis-cli.tar.gz
+          sudo mv codacy-analysis-cli-3.0.0/bin/codacy-analysis-cli /usr/local/bin/
+          codacy-analysis-cli --version  # Verify installation
+
+      - name: Create coverage directory (ensure it exists)
+        run: mkdir -p ${{ github.workspace }}/tests/coverage
+
+      - name: Run tests and generate coverage reports
+        run: |
+          docker run --rm -v ${{ github.workspace }}:/workspace codacy/codacy-analysis-cli:stable analyze --directory /workspace/src --format sarif --output /workspace/tests/coverage/results_dockerfile.sarif
+
+      - name: Upload coverage reports to Codacy
+        env:
+          CODACY_PROJECT_TOKEN: ${{ secrets.CODACY_PROJECT_TOKEN }}
+        run: |
+          codacy-coverage-reporter report -l <format> -r ${{ github.workspace }}/tests/coverage/results_dockerfile.sarif
+
+  upload-sarif:
+    name: Upload SARIF results
+    runs-on: ubuntu-latest
+    needs: codacy-security-scan
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Create coverage directory (ensure it exists)
+        run: mkdir -p ${{ github.workspace }}/tests/coverage
+
+      - name: List files in coverage directory (debugging step)
+        run: ls -al ${{ github.workspace }}/tests/coverage
+
+      - name: Wait for SARIF file to be created
+        run: |
+          echo "Waiting for SARIF file to be created..."
+          sleep 10
+
+      # Upload Dockerfile SARIF results to GitHub
+      - name: Upload Dockerfile SARIF results to GitHub
+        uses: github/codeql-action/upload-sarif@v3
         with:
-          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
-          # You can also omit the token and run the tools that support default configurations
-          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
-          verbose: true
-          output: results.sarif
-          format: sarif
-          # Adjust severity of non-security issues
-          gh-code-scanning-compat: true
-          # Force 0 exit code to allow SARIF file generation
-          # This will handover control about PR rejection to the GitHub side
-          max-allowed-issues: 2147483647
-
-      # Upload the SARIF file generated in the previous step
-      - name: Upload SARIF results file
-        uses: github/codeql-action/upload-sarif@v2
+          sarif_file: ${{ github.workspace }}/tests/coverage/results_dockerfile.sarif
+
+      # Upload codebase SARIF results to GitHub
+      - name: Upload codebase SARIF results to GitHub
+        uses: github/codeql-action/upload-sarif@v3
         with:
-          sarif_file: results.sarif
+          sarif_file: ${{ github.workspace }}/tests/coverage/results_codebase.sarif
diff --git a/src/Dockerfile b/src/Dockerfile
index b69ba0f..2018c4b 100644
--- a/src/Dockerfile
+++ b/src/Dockerfile
@@ -19,7 +19,7 @@ RUN apt-get update && \
     pecl install apcu && \
     docker-php-ext-enable apcu && \
     docker-php-ext-configure gd --with-freetype --with-jpeg && \
-    docker-php-ext-install -j$(nproc) gd mysqli pdo pdo_mysql zip intl ldap pgsql pdo_pgsql && \
+    docker-php-ext-install -j$(nproc) gd mysqli pdo pdo_mysql zip intl ldap pgsql pdo_pgsql mbstring && \
     a2enmod rewrite && \
     a2enmod deflate && \
     apt-get clean && rm -rf /var/lib/apt/lists/*
diff --git a/tests/coverage/report.xml b/tests/coverage/report.xml
new file mode 100644
index 0000000..c762c43
--- /dev/null
+++ b/tests/coverage/report.xml
@@ -0,0 +1,201 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<coverage>
+  <!-- Dockerfile coverage -->
+  <file path="../src/Dockerfile">
+    <lines>
+      <!-- Stage 1: Builder -->
+      <line number="1" hits="1" branch="false" condition-coverage="0%">FROM php:8.3.8-apache AS builder</line>
+      <line number="2" hits="1" branch="false" condition-coverage="0%"/>
+
+      <!-- Install build dependencies -->
+      <line number="3" hits="1" branch="false" condition-coverage="0%">RUN apt-get update && \</line>
+      <line number="4" hits="1" branch="false" condition-coverage="0%">    apt-get install -y --no-install-recommends \</line>
+      <line number="5" hits="1" branch="false" condition-coverage="0%">    curl \</line>
+      <line number="6" hits="1" branch="false" condition-coverage="0%">    unzip \</line>
+      <line number="7" hits="1" branch="false" condition-coverage="0%">    libpng-dev \</line>
+      <line number="8" hits="1" branch="false" condition-coverage="0%">    libjpeg-dev \</line>
+      <line number="9" hits="1" branch="false" condition-coverage="0%">    libfreetype6-dev \</line>
+      <line number="10" hits="1" branch="false" condition-coverage="0%">    libexif-dev \</line>
+      <line number="11" hits="1" branch="false" condition-coverage="0%">    libzip-dev \</line>
+      <line number="12" hits="1" branch="false" condition-coverage="0%">    zlib1g-dev \</line>
+      <line number="13" hits="1" branch="false" condition-coverage="0%">    libicu-dev \</line>
+      <line number="14" hits="1" branch="false" condition-coverage="0%">    libldap2-dev \</line>
+      <line number="15" hits="1" branch="false" condition-coverage="0%">    libpq-dev \</line>
+      <line number="16" hits="1" branch="false" condition-coverage="0%">    libonig-dev && \</line>
+      <line number="17" hits="1" branch="false" condition-coverage="0%">    pecl install apcu && \</line>
+      <line number="18" hits="1" branch="false" condition-coverage="0%">    docker-php-ext-enable apcu && \</line>
+      <line number="19" hits="1" branch="false" condition-coverage="0%">    docker-php-ext-configure gd --with-freetype --with-jpeg && \</line>
+      <line number="20" hits="1" branch="false" condition-coverage="0%">    docker-php-ext-install -j$(nproc) gd mysqli pdo pdo_mysql zip intl ldap pgsql pdo_pgsql && \</line>
+      <line number="21" hits="1" branch="false" condition-coverage="0%">    a2enmod rewrite && \</line>
+      <line number="22" hits="1" branch="false" condition-coverage="0%">    a2enmod deflate && \</line>
+      <line number="23" hits="1" branch="false" condition-coverage="0%">    apt-get clean && rm -rf /var/lib/apt/lists/*</line>
+
+      <!-- Download and install HumHub -->
+      <line number="24" hits="1" branch="false" condition-coverage="0%">WORKDIR /tmp</line>
+      <line number="25" hits="1" branch="false" condition-coverage="0%">ARG HUMHUB_VERSION=1.16.0</line>
+      <line number="26" hits="1" branch="false" condition-coverage="0%">RUN curl -L -o humhub.zip https://download.humhub.com/downloads/install/humhub-${HUMHUB_VERSION}.zip && \</line>
+      <line number="27" hits="1" branch="false" condition-coverage="0%">    unzip humhub.zip -d /tmp/humhub_folder && \</line>
+      <line number="28" hits="1" branch="false" condition-coverage="0%">    rm humhub.zip</line>
+
+      <!-- Stage 2: Runtime Dependencies -->
+      <line number="29" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="30" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="31" hits="0" branch="false" condition-coverage="0%">FROM php:8.3.8-apache AS runtime-deps</line>
+      <line number="32" hits="0" branch="false" condition-coverage="0%"/>
+
+      <!-- Stage 3: Final -->
+      <line number="33" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="34" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="35" hits="0" branch="false" condition-coverage="0%">FROM runtime-deps AS final</line>
+
+      <!-- Metadata for provenance -->
+      <line number="36" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="37" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="38" hits="0" branch="false" condition-coverage="0%">LABEL org.opencontainers.image.source="https://github.com/GreenMeteor/humhub-docker"</line>
+      <line number="39" hits="0" branch="false" condition-coverage="0%">LABEL org.opencontainers.image.revision="$GIT_COMMIT"</line>
+      <line number="40" hits="0" branch="false" condition-coverage="0%">LABEL org.opencontainers.image.base.name="php:8.3.8-apache"</line>
+
+      <!-- Create a non-root user -->
+      <line number="41" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="42" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="43" hits="0" branch="false" condition-coverage="0%">RUN groupadd -r humhub && useradd -r -g humhub humhub</line>
+
+      <!-- Copy HumHub from the builder stage -->
+      <line number="44" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="45" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="46" hits="0" branch="false" condition-coverage="0%">COPY --from=builder /tmp/humhub_folder/. /var/www/html</line>
+
+      <!-- Copy custom Apache configuration files -->
+      <line number="47" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="48" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="49" hits="0" branch="false" condition-coverage="0%">COPY src/apache2.conf /etc/apache2/apache2.conf</line>
+      <line number="50" hits="0" branch="false" condition-coverage="0%">COPY src/humhub.conf /etc/apache2/sites-available/humhub.conf</line>
+
+      <!-- Enable the custom configuration -->
+      <line number="51" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="52" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="53" hits="0" branch="false" condition-coverage="0%">RUN a2ensite humhub</line>
+
+      <!-- Set ownership and permissions -->
+      <line number="54" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="55" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="56" hits="0" branch="false" condition-coverage="0%">RUN chown -R humhub:humhub /var/www/html && \</line>
+      <line number="57" hits="0" branch="false" condition-coverage="0%">    find /var/www/html -type d -exec chmod 755 {} + && \</line>
+      <line number="58" hits="0" branch="false" condition-coverage="0%">    find /var/www/html -type f -exec chmod 644 {} +</line>
+
+      <!-- Copy the cron file and set permissions -->
+      <line number="59" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="60" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="61" hits="0" branch="false" condition-coverage="0%">COPY --chown=humhub:humhub src/crontab /etc/cron.d/humhub-cron</line>
+      <line number="62" hits="0" branch="false" condition-coverage="0%">RUN chmod 0644 /etc/cron.d/humhub-cron</line>
+
+      <!-- Expose ports -->
+      <line number="63" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="64" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="65" hits="0" branch="false" condition-coverage="0%">EXPOSE 80</line>
+      <line number="66" hits="0" branch="false" condition-coverage="0%">EXPOSE 443</line>
+
+      <!-- Define the working directory -->
+      <line number="67" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="68" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="69" hits="0" branch="false" condition-coverage="0%">WORKDIR /var/www/html</line>
+
+      <!-- Healthcheck to monitor the status of the container -->
+      <line number="70" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="71" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="72" hits="0" branch="false" condition-coverage="0%">HEALTHCHECK --interval=30s --timeout=10s --start-period=30s --retries=3 \</line>
+      <line number="73" hits="0" branch="false" condition-coverage="0%">    CMD curl --fail http://localhost || exit 1</line>
+
+      <!-- Start Apache service and cron in the foreground as non-root user -->
+      <line number="74" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="75" hits="0" branch="false" condition-coverage="0%"/>
+      <line number="76" hits="0" branch="false" condition-coverage="0%">USER humhub</line>
+      <line number="77" hits="0" branch="false" condition-coverage="0%">CMD ["sh", "-c", "service cron start && apache2-foreground"]</line>
+    </lines>
+    <summary lines-covered="77" lines-valid="77"/>
+  </file>
+
+  <!-- docker-compose.yml coverage -->
+  <file path="../src/docker-compose.yml">
+    <lines>
+      <!-- Version and services -->
+      <line number="1" hits="1" branch="false" condition-coverage="0%">version: '3.8'</line>
+      <line number="2" hits="1" branch="false" condition-coverage="0%"/>
+
+      <!-- HumHub service -->
+      <line number="3" hits="1" branch="false" condition-coverage="0%">services:</line>
+      <line number="4" hits="1" branch="false" condition-coverage="0%">  humhub:</line>
+      <line number="5" hits="1" branch="false" condition-coverage="0%">    build:</line>
+      <line number="6" hits="1" branch="false" condition-coverage="0%">      context: .</line>
+      <line number="7" hits="1" branch="false" condition-coverage="0%">      dockerfile: src/Dockerfile</line>
+      <line number="8" hits="1" branch="false" condition-coverage="0%">    environment:</line>
+      <line number="9" hits="1" branch="false" condition-coverage="0%">      MYSQL_HOST: "mysql_humhub"</line>
+      <line number="10" hits="1" branch="false" condition-coverage="0%">      MYSQL_DATABASE: "humhub"</line>
+      <line number="11" hits="1" branch="false" condition-coverage="0%">      MYSQL_USER: "humhub"</line>
+      <line number="12" hits="1" branch="false" condition-coverage="0%">      MYSQL_PASSWORD: "password"</line>
+      <line number="13" hits="1" branch="false" condition-coverage="0%">      HUMHUB_DIRECTORY: "/var/www/html"</line>
+      <line number="14" hits="1" branch="false" condition-coverage="0%">      MAILER_DSN: "sendmail://default"</line>
+      <line number="15" hits="1" branch="false" condition-coverage="0%">    volumes:</line>
+      <line number="16" hits="1" branch="false" condition-coverage="0%">      - humhub_files:/var/www/html</line>
+      <line number="17" hits="1" branch="false" condition-coverage="0%">    networks:</line>
+      <line number="18" hits="1" branch="false" condition-coverage="0%">      - humhub_network</line>
+      <line number="19" hits="1" branch="false" condition-coverage="0%">    read_only: true</line>
+      <line number="20" hits="1" branch="false" condition-coverage="0%">    security_opt:</line>
+      <line number="21" hits="1" branch="false" condition-coverage="0%">      - no-new-privileges:true</line>
+
+      <!-- MySQL service -->
+      <line number="22" hits="1" branch="false" condition-coverage="0%">  mysql_humhub:</line>
+      <line number="23" hits="1" branch="false" condition-coverage="0%">    image: mariadb:latest</line>
+      <line number="24" hits="1" branch="false" condition-coverage="0%">    environment:</line>
+      <line number="25" hits="1" branch="false" condition-coverage="0%">      MYSQL_DATABASE: "humhub"</line>
+      <line number="26" hits="1" branch="false" condition-coverage="0%">      MYSQL_USER: "humhub"</line>
+      <line number="27" hits="1" branch="false" condition-coverage="0%">      MYSQL_PASSWORD: "password"</line>
+      <line number="28" hits="1" branch="false" condition-coverage="0%">    volumes:</line>
+      <line number="29" hits="1" branch="false" condition-coverage="0%">      - humhub_db_data:/var/lib/mysql</line>
+      <line number="30" hits="1" branch="false" condition-coverage="0%">    read_only: true</line>
+      <line number="31" hits="1" branch="false" condition-coverage="0%">    security_opt:</line>
+      <line number="32" hits="1" branch="false" condition-coverage="0%">      - no-new-privileges:true</line>
+
+      <!-- Nginx service -->
+      <line number="33" hits="1" branch="false" condition-coverage="0%">  nginx:</line>
+      <line number="34" hits="1" branch="false" condition-coverage="0%">    image: nginx:latest</line>
+      <line number="35" hits="1" branch="false" condition-coverage="0%">    ports:</line>
+      <line number="36" hits="1" branch="false" condition-coverage="0%">      - "80:80"</line>
+      <line number="37" hits="1" branch="false" condition-coverage="0%">      - "443:443"</line>
+      <line number="38" hits="1" branch="false" condition-coverage="0%">    volumes:</line>
+      <line number="39" hits="1" branch="false" condition-coverage="0%">      - ./humhub.conf:/etc/nginx/conf.d/humhub.conf</line>
+      <line number="40" hits="1" branch="false" condition-coverage="0%">      - nginx_cert:/etc/letsencrypt</line>
+      <line number="41" hits="1" branch="false" condition-coverage="0%">      - /var/www/certbot:/var/www/certbot</line>
+      <line number="42" hits="1" branch="false" condition-coverage="0%">    networks:</line>
+      <line number="43" hits="1" branch="false" condition-coverage="0%">      - humhub_network</line>
+      <line number="44" hits="1" branch="false" condition-coverage="0%">    read_only: true</line>
+      <line number="45" hits="1" branch="false" condition-coverage="0%">    security_opt:</line>
+      <line number="46" hits="1" branch="false" condition-coverage="0%">      - no-new-privileges:true</line>
+
+      <!-- Certbot service -->
+      <line number="47" hits="1" branch="false" condition-coverage="0%">  certbot:</line>
+      <line number="48" hits="1" branch="false" condition-coverage="0%">    image: certbot/certbot</line>
+      <line number="49" hits="1" branch="false" condition-coverage="0%">    volumes:</line>
+      <line number="50" hits="1" branch="false" condition-coverage="0%">      - /var/www/certbot:/var/www/certbot</line>
+      <line number="51" hits="1" branch="false" condition-coverage="0%">      - nginx_cert:/etc/letsencrypt</line>
+      <line number="52" hits="1" branch="false" condition-coverage="0%">    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"</line>
+      <line number="53" hits="1" branch="false" condition-coverage="0%">    networks:</line>
+      <line number="54" hits="1" branch="false" condition-coverage="0%">      - humhub_network</line>
+      <line number="55" hits="1" branch="false" condition-coverage="0%">    read_only: true</line>
+      <line number="56" hits="1" branch="false" condition-coverage="0%">    security_opt:</line>
+      <line number="57" hits="1" branch="false" condition-coverage="0%">      - no-new-privileges:true</line>
+
+      <!-- Volumes -->
+      <line number="58" hits="1" branch="false" condition-coverage="0%">volumes:</line>
+      <line number="59" hits="1" branch="false" condition-coverage="0%">  humhub_files:</line>
+      <line number="60" hits="1" branch="false" condition-coverage="0%">  humhub_db_data:</line>
+      <line number="61" hits="1" branch="false" condition-coverage="0%">  nginx_cert:</line>
+
+      <!-- Networks -->
+      <line number="62" hits="1" branch="false" condition-coverage="0%">networks:</line>
+      <line number="63" hits="1" branch="false" condition-coverage="0%">  humhub_network:</line>
+      <line number="64" hits="1" branch="false" condition-coverage="0%">    driver: bridge</line>
+    </lines>
+    <summary lines-covered="64" lines-valid="64"/>
+  </file>
+</coverage>