diff --git a/.github/workflows/ci-pull-request.yml b/.github/workflows/ci-pull-request.yml
index 5fbd488..acd66ec 100644
--- a/.github/workflows/ci-pull-request.yml
+++ b/.github/workflows/ci-pull-request.yml
@@ -45,13 +45,4 @@ jobs:
 run: |
 make build
- - name: Increment version
- id: bump
- run: |
- chmod +x ./bump_version.sh
- NEW_VERSION="$(./bump_version.sh)"
- if [[ -z "$NEW_VERSION" ]]; then
- echo "Version bump script returned empty version" >&2
- exit 1
- fi
- echo "new_version=$NEW_VERSION" >> "$GITHUB_OUTPUT"
+
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 92f0307..5c9f5af 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -4,6 +4,8 @@ on:
 push:
 branches:
 - main
+ paths:
+ - 'sysdig-cli-scan-task/package.json'
 permissions:
 contents: write
@@ -14,24 +16,45 @@ concurrency:
 cancel-in-progress: true
 jobs:
- build:
+ build-and-release:
 runs-on: ubuntu-latest
-
 steps:
 - name: Checkout code
 uses: actions/checkout@v2
+ with:
+ fetch-depth: 0 # Need history to compare versions
+
+ - name: Check for version change
+ id: check_version
+ run: |
+ # The workflow is triggered on changes to this file, but we only want to proceed if the version field itself has changed.
+ # This handles cases where other fields (like dependencies) are updated without a version bump.
+ OLD_VERSION=$(git show HEAD~1:sysdig-cli-scan-task/package.json | jq -r .version)
+ NEW_VERSION=$(jq -r .version sysdig-cli-scan-task/package.json)
+ echo "Old version: $OLD_VERSION, New version: $NEW_VERSION"
+ if [ "$OLD_VERSION" != "$NEW_VERSION" ]; then
+ echo "Version has changed. Proceeding with release."
+ echo "changed=true" >> $GITHUB_OUTPUT
+ echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV
+ else
+ echo "Version has not changed. Skipping release."
+ echo "changed=false" >> $GITHUB_OUTPUT
+ fi
 - name: Setup Node.js
+ if: steps.check_version.outputs.changed == 'true'
 uses: actions/setup-node@v2
 with:
 node-version: '20.x'
 - name: Install tfx-cli and typescript
+ if: steps.check_version.outputs.changed == 'true'
 run: |
 npm install -g tfx-cli
 npm install -g typescript
 - name: Login to Azure DevOps
+ if: steps.check_version.outputs.changed == 'true'
 uses: azure/login@v1
 with:
 client-id: ${{ secrets.AZURE_APPLICATION_CLIENT_ID }}
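Review bot: The Check for version change step reads the previous version from `HEAD~1`, which is the pre-push state of `main` only for a single-commit push or a merge commit; a rebase-merged pull request whose bump sits in an earlier commit passes the new `paths` filter but reports `changed=false` here, so the release is silently skipped. Comparing against the push base, `OLD_VERSION=$(git show "${{ github.event.before }}:sysdig-cli-scan-task/package.json" | jq -r .version)`, covers that case (a zero SHA on a newly created branch would still need a guard). NEW_VERSION is also exported to GITHUB_ENV unvalidated and later expanded into `git tag`/`git push` lines; adding `[[ "$NEW_VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "Unexpected version: $NEW_VERSION" >&2; exit 1; }` before the export keeps a malformed or missing field (jq prints `null`) from reaching those commands. The redirects to `$GITHUB_OUTPUT` and `$GITHUB_ENV` should be quoted, as the removed ci-pull-request step did.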
@@ -39,33 +62,27 @@ jobs:
 subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 - name: Get Azure DevOps access token
+ if: steps.check_version.outputs.changed == 'true'
 id: get_token
 run: |
 echo "AZURE_DEVOPS_ACCESS_TOKEN=$(az account get-access-token --resource ${{ secrets.AZURE_MARKETPLACE_ACCESS_SCOPE }} --query accessToken -o tsv)" >> $GITHUB_ENV
 - name: Build release
+ if: steps.check_version.outputs.changed == 'true'
 run: |
 make build
- - name: Increment version
- run: |
- chmod +x ./bump_version.sh
- NEW_VERSION=$(./bump_version.sh)
- echo "NEW_VERSION=$NEW_VERSION" >> $GITHUB_ENV
-
 - name: Publish release
+ if: steps.check_version.outputs.changed == 'true'
 env:
 AZURE_DEVOPS_ACCESS_TOKEN: ${{ env.AZURE_DEVOPS_ACCESS_TOKEN }}
 run: |
 make publish-release
- - name: Commit version increment
+ - name: Create Git Tag
+ if: steps.check_version.outputs.changed == 'true'
 run: |
 git config --local user.email "action@github.com"
 git config --local user.name "GitHub Action"
- git add ./sysdig-cli-scan-task/task.json
- git add ./VERSION
- git add ./vss-extension.json
- git commit -m "Increment version to ${{ env.NEW_VERSION }}"
 git tag ${{ env.NEW_VERSION }}
- git push origin HEAD --tags
+ git push origin ${{ env.NEW_VERSION }}
diff --git a/.github/workflows/sync-versions.yml b/.github/workflows/sync-versions.yml
new file mode 100644
index 0000000..5b0fbdf
--- /dev/null
+++ b/.github/workflows/sync-versions.yml
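Review bot: The new push line in Create Git Tag splices the version into the script through `${{ env.NEW_VERSION }}`, which substitutes the raw text into the shell source before it runs; since the value is read from a repository file rather than a fixed constant, use the variable the check step already exports and quote it: `git tag "$NEW_VERSION"` and `git push origin "$NEW_VERSION"`. The unchanged `git tag ${{ env.NEW_VERSION }}` context line has the same shape and should move with it. Publish release also runs before the tag exists, so a tag push that fails (for example a re-run where the tag was already created) leaves a marketplace release with no matching tag; creating and pushing the tag first, or checking `git rev-parse -q --verify "refs/tags/$NEW_VERSION"` before publishing, makes the failure land before the irreversible step.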
@@ -0,0 +1,47 @@
+name: Sync Versions on PR
+
+on:
+ pull_request:
+ branches:
+ - main
+
+jobs:
+ sync-versions:
+ runs-on: ubuntu-latest
+ if: contains(github.event.pull_request.labels.*.name, 'skip-version-sync') == false
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+ with:
+ ref: ${{ github.head_ref }}
+ token: ${{ secrets.GITHUB_TOKEN }}
+ fetch-depth: 0
+
+ - name: Check for version change
+ id: version_changed
+ run: |
+ git fetch origin main
+ if git diff --name-only origin/main...HEAD | grep -q "sysdig-cli-scan-task/package.json"; then
+ echo "changed=true" >> $GITHUB_OUTPUT
+ else
+ echo "changed=false" >> $GITHUB_OUTPUT
+ fi
+
+ - name: Run sync script
+ if: steps.version_changed.outputs.changed == 'true'
+ run: |
+ chmod +x ./sync_versions.sh
+ ./sync_versions.sh
+
+ - name: Commit and push changes
+ if: steps.version_changed.outputs.changed == 'true'
+ run: |
+ git config --global user.name 'github-actions[bot]'
+ git config --global user.email 'github-actions[bot]@users.noreply.github.com'
+ git add .
+ if ! git diff --staged --quiet; then
+ git commit -m "ci: synchronize versions"
+ git push
+ else
+ echo "No changes to commit."
+ fi
diff --git a/README.md b/README.md
index 67a443f..b202fa4 100644
--- a/README.md
+++ b/README.md
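Review bot: The workflow pushes with `secrets.GITHUB_TOKEN` but declares no `permissions:` block, so it depends on whatever default token scope the repository happens to have; adding `permissions:` / `  contents: write` at the job level makes the write explicit and grants nothing wider. `git add .` in the Commit and push step stages every file the sync script and `npm install` leave behind, not just the three version files; `git add vss-extension.json sysdig-cli-scan-task/task.json sysdig-cli-scan-task/package-lock.json` limits the commit to what the script is meant to change. Two caveats deserve a comment in the file: a push made with GITHUB_TOKEN does not trigger other workflows, so the synchronized commit that ends up merged will presumably not have been run through ci-pull-request.yml, and on a pull request from a fork the token is read-only, so the push step fails rather than syncing.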
@@ -147,3 +147,13 @@ steps:
 ## More Information
 For documentation on Sysdig Secure, including policy and capabilities see the [Sysdig Secure Documentation](https://docs.sysdig.com/en/docs/sysdig-secure/)
+
+## Release Process
+
+The release process is automated using GitHub Actions. To create a new release, follow these steps:
+
+1. **Create a Pull Request:** Make your changes in a new branch and open a pull request against `main`.
+2. **Bump the Version:** The version number is managed in `sysdig-cli-scan-task/package.json`. To create a release, increment the `version` field in this file.
+3. **Automatic Sync:** When the change to `package.json` is pushed, a GitHub Action will automatically run the `./sync_versions.sh` script. This updates the version across all necessary files (like `task.json` and `vss-extension.json`) and pushes the changes to your branch.
+4. **Merge:** After the pull request is reviewed and merged into `main`, the release workflow is triggered.
+5. **Publish:** The workflow builds the extension, publishes it to the marketplace, and creates a corresponding Git tag.
diff --git a/VERSION b/VERSION
deleted file mode 100644
index afaf360..0000000
--- a/VERSION
+++ /dev/null
@@ -1 +0,0 @@
-1.0.0
\ No newline at end of file
diff --git a/bump_version.sh b/bump_version.sh
deleted file mode 100755
index 0fd67fa..0000000
--- a/bump_version.sh
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/bash
-
-# Function to increment a version string
-increment_version() {
- local array=($(echo "$1" | tr '.' '\n'))
- array[2]=$((array[2]+1)) # Increment the patch version
- echo "${array[@]}"
-}
-
-# Read the current version from the VERSION file
-current_version=$(cat VERSION)
-
-# Increment the version
-read major minor patch <<< $(increment_version $current_version)
-
-# Update the version in the VERSION file
-new_version="${major}.${minor}.${patch}"
-echo $new_version > VERSION
-
-# Update task.json
-jq ".version.Major = $major | \
- .version.Minor = $minor | \
- .version.Patch = $patch" \
- sysdig-cli-scan-task/task.json > tmp.json && mv tmp.json sysdig-cli-scan-task/task.json
-
-# Update vss-extension.json
-jq --arg major "$major" \
- --arg minor "$minor" \
- --arg patch "$patch" \
- '.version = "\($major).\($minor).\($patch)"' \
- vss-extension.json > tmp.json && mv tmp.json vss-extension.json
-
-# Output the new version for use in other scripts (like GitHub Actions)
-echo $new_version
diff --git a/sync_versions.sh b/sync_versions.sh
new file mode 100755
index 0000000..fbb236b
--- /dev/null
+++ b/sync_versions.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+set -e
+
+# Set the script's directory as the working directory
+cd "$(dirname "$0")"
+
+# Check if jq and npm are installed
+if ! command -v jq &> /dev/null
+then
+ echo "jq could not be found, please install it"
+ exit 1
+fi
+
+if ! command -v npm &> /dev/null
+then
+ echo "npm could not be found, please install it"
+ exit 1
+fi
+
+# Get version from sysdig-cli-scan-task/package.json
+VERSION=$(jq -r .version "sysdig-cli-scan-task/package.json")
+
+if [ -z "$VERSION" ]; then
+ echo "Version could not be read from sysdig-cli-scan-task/package.json"
+ exit 1
+fi
+
+echo "Syncing to version $VERSION"
+
+# Update vss-extension.json
+jq --arg VERSION "$VERSION" '.version = $VERSION' vss-extension.json > vss-extension.json.tmp && mv vss-extension.json.tmp vss-extension.json
+
+# Update sysdig-cli-scan-task/task.json
+MAJOR=$(echo "$VERSION" | cut -d. -f1)
+MINOR=$(echo "$VERSION" | cut -d. -f2)
+PATCH=$(echo "$VERSION" | cut -d. -f3)
+
+jq ".version.Major = $MAJOR | .version.Minor = $MINOR | .version.Patch = $PATCH" sysdig-cli-scan-task/task.json > sysdig-cli-scan-task/task.json.tmp && mv sysdig-cli-scan-task/task.json.tmp sysdig-cli-scan-task/task.json
+
+# Run npm install to update package-lock.json files
+(cd sysdig-cli-scan-task && npm install)
+
+echo "Versions synchronized successfully"
diff --git a/sysdig-cli-scan-task/package-lock.json b/sysdig-cli-scan-task/package-lock.json
index e48e98d..51a6c20 100644
--- a/sysdig-cli-scan-task/package-lock.json
+++ b/sysdig-cli-scan-task/package-lock.json
@@ -1,12 +1,12 @@
 {
 "name": "sysdig-cli-scan-task",
- "version": "1.0.0",
+ "version": "1.0.1",
 "lockfileVersion": 2,
 "requires": true,
 "packages": {
 "": {
 "name": "sysdig-cli-scan-task",
- "version": "1.0.0",
+ "version": "1.0.1",
 "license": "ISC",
 "dependencies": {
 "@types/http-proxy-agent": "^4.0.1",
diff --git a/sysdig-cli-scan-task/package.json b/sysdig-cli-scan-task/package.json
index 040be26..dd3003c 100644
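Review bot: `$MAJOR`, `$MINOR` and `$PATCH` are spliced unquoted into the jq program on the task.json line, so a version that is not three plain integers (a pre-release suffix, a missing component, or the literal `null` that `jq -r` prints when the field is absent and which the `-z` test does not catch) yields a jq syntax error or writes the wrong numbers into task.json. Validate once after reading the file, `[[ "$VERSION" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || { echo "Unexpected version format: $VERSION"; exit 1; }`, and pass the parts as data rather than as program text: `jq --argjson major "$MAJOR" --argjson minor "$MINOR" --argjson patch "$PATCH" '.version.Major = $major | .version.Minor = $minor | .version.Patch = $patch' sysdig-cli-scan-task/task.json`. The comment says the last step only refreshes package-lock.json, but `npm install` also materializes node_modules and runs dependency lifecycle scripts; `npm install --package-lock-only --ignore-scripts` does the stated job without either. `set -e` alone does not stop on an unset variable or on a failure on the left of a pipe; `set -euo pipefail` is the usual opening line.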
--- a/sysdig-cli-scan-task/package.json
+++ b/sysdig-cli-scan-task/package.json
@@ -1,6 +1,6 @@
 {
 "name": "sysdig-cli-scan-task",
- "version": "1.0.0",
+ "version": "1.0.1",
 "description": "Sysdig Secure Scan Task",
 "main": "index.js",
 "scripts": {
diff --git a/sysdig-cli-scan-task/task.json b/sysdig-cli-scan-task/task.json
index 999fa5f..40b868b 100644
--- a/sysdig-cli-scan-task/task.json
+++ b/sysdig-cli-scan-task/task.json
@@ -10,7 +10,7 @@
 "version": {
 "Major": 1,
 "Minor": 0,
- "Patch": 0
+ "Patch": 1
 },
 "minimumAgentVersion": "3.232.1",
 "groups": [
diff --git a/vss-extension.json b/vss-extension.json
index 224a96c..81d4163 100644
--- a/vss-extension.json
+++ b/vss-extension.json
@@ -2,7 +2,7 @@
 "manifestVersion": 1,
 "id": "sysdig-cli-scan-task",
 "name": "Sysdig CLI scanner",
- "version": "1.0.0",
+ "version": "1.0.1",
 "publisher": "SysdigDevOps",
 "description": "Scan images with Sysdig Secure as part of your development pipeline.",
 "public": true,