diff --git a/backend/Dockerfile b/backend/Dockerfile
index fbbdbbd3..e7c46cc6 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -74,11 +74,11 @@ RUN ARCH=$(uname -m) && \
 if [ "$ARCH" = "x86_64" ]; then \
 wget -O gitleaks.tar.gz https://github.com/gitleaks/gitleaks/releases/download/v8.12.0/gitleaks_8.12.0_linux_x64.tar.gz; \
 wget -O bearer.tar.gz https://github.com/Bearer/bearer/releases/download/v1.50.2/bearer_1.50.2_linux_amd64.tar.gz; \
- wget -O grype.tar.gz https://github.com/anchore/grype/releases/download/v0.104.2/grype_0.104.2_linux_amd64.tar.gz; \
+ wget -O grype.tar.gz https://github.com/anchore/grype/releases/download/v0.112.0/grype_0.112.0_linux_amd64.tar.gz; \
 elif [ "$ARCH" = "aarch64" ]; then \
 wget -O gitleaks.tar.gz https://github.com/gitleaks/gitleaks/releases/download/v8.12.0/gitleaks_8.12.0_linux_arm64.tar.gz; \
 wget -O bearer.tar.gz https://github.com/Bearer/bearer/releases/download/v1.50.2/bearer_1.50.2_linux_arm64.tar.gz; \
- wget -O grype.tar.gz https://github.com/anchore/grype/releases/download/v0.104.2/grype_0.104.2_linux_arm64.tar.gz; \
+ wget -O grype.tar.gz https://github.com/anchore/grype/releases/download/v0.112.0/grype_0.112.0_linux_arm64.tar.gz; \
 else \
 echo "Unsupported architecture: $ARCH"; exit 1; \
 fi && \
diff --git a/backend/Dockerfile.base b/backend/Dockerfile.base
index eb53002a..1df8cac6 100644
--- a/backend/Dockerfile.base
+++ b/backend/Dockerfile.base
@@ -42,7 +42,6 @@ RUN wget -q https://services.gradle.org/distributions/gradle-${GRADLE_VERSION}-b
 ENV GRADLE_HOME=/opt/gradle/gradle-${GRADLE_VERSION}
 ENV PATH="$PATH:$GRADLE_HOME/bin"
-# ── Node tools ───────────────────────────────────────────────
 RUN npm install -g @cyclonedx/cdxgen@latest
 # ── Security scanners ───────────────────────────────────────
@@ -50,11 +49,11 @@ RUN ARCH=$(uname -m) && \
 if [ "$ARCH" = "x86_64" ]; then \
 wget -O gitleaks.tar.gz https://github.com/gitleaks/gitleaks/releases/download/v8.12.0/gitleaks_8.12.0_linux_x64.tar.gz; \
 wget -O bearer.tar.gz https://github.com/Bearer/bearer/releases/download/v1.50.2/bearer_1.50.2_linux_amd64.tar.gz; \
- wget -O grype.tar.gz https://github.com/anchore/grype/releases/download/v0.104.2/grype_0.104.2_linux_amd64.tar.gz; \
+ wget -O grype.tar.gz https://github.com/anchore/grype/releases/download/v0.112.0/grype_0.112.0_linux_amd64.tar.gz; \
 elif [ "$ARCH" = "aarch64" ]; then \
 wget -O gitleaks.tar.gz https://github.com/gitleaks/gitleaks/releases/download/v8.12.0/gitleaks_8.12.0_linux_arm64.tar.gz; \
 wget -O bearer.tar.gz https://github.com/Bearer/bearer/releases/download/v1.50.2/bearer_1.50.2_linux_arm64.tar.gz; \
- wget -O grype.tar.gz https://github.com/anchore/grype/releases/download/v0.104.2/grype_0.104.2_linux_arm64.tar.gz; \
+ wget -O grype.tar.gz https://github.com/anchore/grype/releases/download/v0.112.0/grype_0.112.0_linux_arm64.tar.gz; \
 else \
 echo "Unsupported architecture: $ARCH"; exit 1; \
 fi && \
diff --git a/backend/src/main/java/io/mixeway/mixewayflowapi/api/teamfindings/service/FindingsByTeamService.java b/backend/src/main/java/io/mixeway/mixewayflowapi/api/teamfindings/service/FindingsByTeamService.java
index 4c35fbef..0c35e9cc 100644
--- a/backend/src/main/java/io/mixeway/mixewayflowapi/api/teamfindings/service/FindingsByTeamService.java
+++ b/backend/src/main/java/io/mixeway/mixewayflowapi/api/teamfindings/service/FindingsByTeamService.java
@@ -27,6 +27,8 @@ import org.springframework.stereotype.Service;
 import java.math.BigDecimal;
+import java.net.URLDecoder;
+import java.nio.charset.StandardCharsets;
 import java.security.Principal;
 import java.util.List;
 import java.util.Map;
@@ -166,7 +168,9 @@ public Page getCloudAndRepoFindingsAndVulns(Str
 String sourceStr = filters.getOrDefault("source", null);
 String statusStr = filters.getOrDefault("status", null);
 String nameRaw = filters.getOrDefault("name", null);
- if (nameRaw != null && nameRaw.isBlank()) {
+ if (nameRaw != null && !nameRaw.isBlank()) {
+ nameRaw = URLDecoder.decode(nameRaw, StandardCharsets.UTF_8);
+ } else {
 nameRaw = null;
 }
 String name = nameRaw != null ? nameRaw.toLowerCase() : null;
diff --git a/backend/src/main/java/io/mixeway/mixewayflowapi/integrations/scanner/sca/service/CdxGenService.java b/backend/src/main/java/io/mixeway/mixewayflowapi/integrations/scanner/sca/service/CdxGenService.java
index ab7c909b..f2247b36 100644
--- a/backend/src/main/java/io/mixeway/mixewayflowapi/integrations/scanner/sca/service/CdxGenService.java
+++ b/backend/src/main/java/io/mixeway/mixewayflowapi/integrations/scanner/sca/service/CdxGenService.java
@@ -83,6 +83,8 @@ public void generateBom(String repoDir, CodeRepo codeRepo, CodeRepoBranch codeRe
 ProcessBuilder pb = new ProcessBuilder(
 "cdxgen",
+ "--spec-version",
+ "1.5",
 "--recurse",
 "--required-only",
 "--output",
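Review bot: `URLDecoder.decode(nameRaw, StandardCharsets.UTF_8)` in the new non-blank branch throws `IllegalArgumentException` on a malformed escape (a `name` filter such as `100%`), and nothing visible in the hunk catches it, so such a search would fail the request instead of simply matching nothing. If `filters` is bound from request parameters, the framework has presumably decoded the value once already; this second decode then also turns a literal `+` into a space and runs after any validation applied to the encoded form, so it is worth confirming that the client really double-encodes. I would either drop the decode or guard it, e.g. `try { nameRaw = URLDecoder.decode(nameRaw, StandardCharsets.UTF_8); } catch (IllegalArgumentException e) { /* keep the raw value */ }`. A value that decodes to whitespace only (such as `%20`) is also no longer reset to `null`, because the blank check runs before the decode. The method starts and continues outside the hunk, so how `name` reaches the query is not visible here.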
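Review bot: The literal `"1.5"` passed after `"--spec-version"` carries no comment saying which consumer of the BOM needs that CycloneDX version, and the `Dockerfile.base` context in this same commit still installs `@cyclonedx/cdxgen@latest`, so the flag is pinned while the tool that interprets it changes with every image build. I would add a comment above the two arguments, for example `// Pin the CycloneDX spec version to what the BOM consumer accepts; revisit when that consumer is upgraded`, and pin the cdxgen package to a fixed version in the image so the generated BOM stays reproducible. The `ProcessBuilder` argument list continues outside the hunk.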