diff --git a/.github/actions/bootstrap/action.yaml b/.github/actions/bootstrap/action.yaml
index afdebd30..54e1821b 100644
--- a/.github/actions/bootstrap/action.yaml
+++ b/.github/actions/bootstrap/action.yaml
@@ -8,7 +8,9 @@ inputs:
   python-version:
     description: "Python version to install"
     required: true
-    default: "3.9" # note: the caller really drives this in a matrix strategy run
+    # note: the caller really drives this in a matrix strategy run for unit tests.
+    # this default value is used for the rest of the workflow.
+    default: "3.11"
   poetry-version:
     description: "Poetry version to install"
     required: true
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 55b71af5..45c851c5 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -28,13 +28,22 @@ jobs:
           git fetch origin main
           git merge-base --is-ancestor ${GITHUB_REF##*/} origin/main && echo "${GITHUB_REF##*/} is a commit on main!"
 
-      - name: Check validation results
+      - name: Check static analysis results
         uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 #v1.1.1
-        id: validations
+        id: static-analysis
         with:
           token: ${{ secrets.GITHUB_TOKEN }}
           # This check name is defined as the github action job name (in .github/workflows/validations.yaml)
-          checkName: "Validations"
+          checkName: "Static Analysis"
+          ref: ${{ github.event.pull_request.head.sha || github.sha }}
+
+      - name: Check test results
+        uses: fountainhead/action-wait-for-check@297be350cf8393728ea4d4b39435c7d7ae167c93 #v1.1.1
+        id: test
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          # This check name is defined as the github action job name (in .github/workflows/validations.yaml)
+          checkName: "Test"
           ref: ${{ github.event.pull_request.head.sha || github.sha }}
 
       - name: Check nightly quality gate results
@@ -50,9 +59,10 @@ jobs:
           intervalSeconds: 3
 
       - name: Release quality gate
-        if: steps.validations.conclusion != 'success' || steps.nightly-quality-gate.conclusion != 'success'
+        if: steps.static-analysis.conclusion != 'success' || steps.test.conclusion != 'success' || steps.nightly-quality-gate.conclusion != 'success'
         run: |
-          echo "Validations Status: ${{ steps.validations.conclusion }}"
+          echo "Static Analysis Status: ${{ steps.static-analysis.conclusion }}"
+          echo "Test Status: ${{ steps.test.conclusion }}"
           echo "Nightly Quality Gate Status: ${{ steps.nightly-quality-gate.conclusion }}"
           false
 
diff --git a/.github/workflows/validations.yaml b/.github/workflows/validations.yaml
index 1f8ca53e..5b497ed9 100644
--- a/.github/workflows/validations.yaml
+++ b/.github/workflows/validations.yaml
@@ -11,13 +11,11 @@ on:
 jobs:
 
   # note: the name for this check is referenced in release.yaml, do not change here without changing there
-  Validations:
+  Static-Analysis:
+    name: "Static Analysis"
     runs-on: ubuntu-22.04
     permissions:
       contents: read
-    strategy:
-      matrix:
-        python-version: ['3.9', '3.10', '3.11', '3.12']
     steps:
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
         with:
@@ -26,25 +24,42 @@ jobs:
 
       - name: Bootstrap environment
         uses: ./.github/actions/bootstrap
-        with:
-          python-version: ${{ matrix.python-version }}
 
       - name: Run static analysis
         run: poetry run make static-analysis
 
-      - name: Run unit tests
-        run: poetry run make unit
-
       - name: Ensure quality gate tools are properly configured
         run: |
           cd tests/quality && make validate-test-tool-versions
 
+  Test:
+    runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+    strategy:
+      matrix:
+        # note: this is not a single source of truth (this is also in the tox.ini)
+        python-version: ['3.9', '3.10', '3.11', '3.12']
+    steps:
+      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 #v4.1.1
+        with:
+          # in order to properly resolve the version from git
+          fetch-depth: 0
+
+      - name: Bootstrap environment
+        uses: ./.github/actions/bootstrap
+        with:
+          python-version: ${{ matrix.python-version }}
+
+      - name: Run unit tests
+        run: poetry run make unit-matrix
+
       - name: Build assets
         run: poetry run make build
 
   Publish-PreProd:
     runs-on: ubuntu-22.04
-    needs: [Validations]
+    needs: [Static-Analysis, Test]
     if: github.ref == 'refs/heads/main'
     permissions:
       contents: read
diff --git a/pytest.ini b/pytest.ini
new file mode 100644
index 00000000..37f72ea0
--- /dev/null
+++ b/pytest.ini
@@ -0,0 +1,2 @@
+[pytest]
+addopts = -vv --color=yes
diff --git a/src/vunnel/workspace.py b/src/vunnel/workspace.py
index 86a34e62..0ee80d46 100644
--- a/src/vunnel/workspace.py
+++ b/src/vunnel/workspace.py
@@ -37,7 +37,7 @@ class State(DataClassDictMixin):
     store: str
     timestamp: datetime.datetime
     version: int = 1
-    listing: Optional[File] = None  # why use Optional? mashumaro does not support this on python 3.9 
+    listing: Optional[File] = None  # noqa:UP007  # why use Optional? mashumaro does not support this on python 3.9
     schema: schemaDef.Schema = field(default_factory=schemaDef.ProviderStateSchema)
 
     @staticmethod
diff --git a/tests/quality/configure.py b/tests/quality/configure.py
index 2e7699e7..83fab77b 100644
--- a/tests/quality/configure.py
+++ b/tests/quality/configure.py
@@ -31,7 +31,9 @@
 GRYPE_DB = f"{BIN_DIR}/grype-db"
 
 
-class Application(YardstickApplication, DataClassDictMixin): pass
+class Application(YardstickApplication, DataClassDictMixin):
+    pass
+
 
 @dataclass
 class ConfigurationState(DataClassDictMixin):
diff --git a/tests/unit/cli/test_config.py b/tests/unit/cli/test_config.py
index c40334b3..e240fb37 100644
--- a/tests/unit/cli/test_config.py
+++ b/tests/unit/cli/test_config.py
@@ -45,9 +45,9 @@ def test_full_config(helpers):
                     # this is what we added in the config
                     42: "https://alas.aws.amazon.com/AL2/alas-42.rss",
                     # this is the defaults...
-                    2: 'https://alas.aws.amazon.com/AL2/alas.rss', 
-                    2022: 'https://alas.aws.amazon.com/AL2022/alas.rss', 
-                    2023: 'https://alas.aws.amazon.com/AL2023/alas.rss'
+                    2: "https://alas.aws.amazon.com/AL2/alas.rss",
+                    2022: "https://alas.aws.amazon.com/AL2022/alas.rss",
+                    2023: "https://alas.aws.amazon.com/AL2023/alas.rss",
                 },
                 runtime=runtime_cfg,
                 request_timeout=20,
diff --git a/tox.ini b/tox.ini
index ccfa2764..f42620e9 100644
--- a/tox.ini
+++ b/tox.ini
@@ -1,4 +1,5 @@
 [tox]
+# note: this is not a single source of truth (this is also in the .github/workflows/valiations.yml file)
 envlist = py39, py310, py311, py312
 
 # https://github.com/ymyzk/tox-gh-actions
@@ -16,4 +17,3 @@ skip_install = true
 commands =
     poetry install -vvv
     poetry run pytest --cov-report html --cov vunnel -v tests/unit/
-