diff --git a/.github/workflows/Dockerfile.qa b/.github/workflows/Dockerfile.qa
new file mode 100644
index 00000000..93c3cb3c
--- /dev/null
+++ b/.github/workflows/Dockerfile.qa
@@ -0,0 +1,39 @@
+# Build stage
+FROM gradle:7.6.1-jdk17 AS builder
+
+# Install make
+RUN apt-get update && apt-get install -y make
+
+# Set working directory
+WORKDIR /app
+
+# Copy your source code, including Makefile
+COPY . .
+
+# Run make download
+# --- modified part ---
+RUN mkdir zen_by_aikido
+RUN mv zen_dist zen_by_aikido/zen
+# --- end modified part ---
+RUN make build
+
+# Runtime stage
+FROM eclipse-temurin:17
+
+# Install make and postgresql-client
+RUN apt-get update && \
+    apt-get install -y make postgresql-client && \
+    rm -rf /var/lib/apt/lists/*
+
+# Set working directory
+WORKDIR /app
+
+# Copy the built application and SQL file from builder stage
+COPY --from=builder /app .
+COPY database.sql /app/database.sql
+
+# Create startup script
+COPY start.sh /app/start.sh
+RUN chmod 755 /app/start.sh
+
+ENTRYPOINT ["/app/start.sh"]
diff --git a/.github/workflows/qa-tests.yml b/.github/workflows/qa-tests.yml
new file mode 100644
index 00000000..90ce5716
--- /dev/null
+++ b/.github/workflows/qa-tests.yml
@@ -0,0 +1,52 @@
+name: 🧪 QA Tests
+permissions:
+    contents: read
+on:
+    push: {}
+    workflow_call: {}
+
+jobs:
+    qa-tests:
+        runs-on: ubuntu-latest
+        timeout-minutes: 30
+        steps:
+            - name: Checkout firewall-java
+              uses: actions/checkout@v5
+              with:
+                  path: firewall-java
+
+            - name: Checkout zen-demo-java
+              uses: actions/checkout@v5
+              with:
+                  repository: Aikido-demo-apps/zen-demo-java
+                  path: zen-demo-java
+                  ref: qa-test
+                  submodules: true
+
+            - name: Set up JDK 21
+              uses: actions/setup-java@v4
+              with:
+                  java-version: '21'
+                  distribution: 'temurin'
+
+            - name: Build with Gradle
+              working-directory: ./firewall-java
+              run: |
+                  chmod +x gradlew
+                  make binaries
+                  make build
+
+                  # Move the build jars to demo app
+                  mv dist ../zen-demo-java/zen_dist
+
+            - name: Replace Dockerfile with QA version
+              run: |
+                  cp firewall-java/.github/workflows/Dockerfile.qa zen-demo-java/Dockerfile
+
+            - name: Run Firewall QA Tests
+              uses: AikidoSec/firewall-tester-action@v1.0.0
+              with:
+                  dockerfile_path: ./zen-demo-java/Dockerfile
+                  app_port: 8080
+                  sleep_before_test: 30
+                  skip_tests: test_ssrf,test_stored_ssrf,test_demo_apps_generic_tests