diff --git a/.github/actions/compress_sign_and_upload/action.yml b/.github/actions/compress_sign_and_upload/action.yml
deleted file mode 100644
index 32b21f7..0000000
--- a/.github/actions/compress_sign_and_upload/action.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-name: Compress and Sign
-description: 'Compresses package and signs with garasign'
-
-inputs: 
-    aws_role_arn:
-      description: 'AWS role input for drivers-github-tools/gpg-sign@v2'
-      required: true
-    aws_region_name:
-      description: 'AWS region name input for drivers-github-tools/gpg-sign@v2'
-      required: true
-    aws_secret_id:
-      description: 'AWS secret id input for drivers-github-tools/gpg-sign@v2'
-      required: true
-    npm_package_name:
-      description: 'The name for the npm package this repository represents'
-      required: true
-
-runs:
-  using: composite
-  steps:
-    - run: npm pack
-      shell: bash
-
-    - name: Get release version and release package file name
-      id: get_vars
-      shell: bash
-      run: |
-        package_version=$(jq --raw-output '.version' package.json)
-        echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
-        echo "package_file=${{ inputs.npm_package_name }}-${package_version}.tgz" >> "$GITHUB_OUTPUT"
-
-    - name: Set up drivers-github-tools
-      uses: mongodb-labs/drivers-github-tools/setup@v2
-      with: 
-        aws_region_name: ${{ inputs.aws_region_name }}
-        aws_role_arn: ${{ inputs.aws_role_arn }}
-        aws_secret_id: ${{ inputs.aws_secret_id }}
-
-    - name: Create detached signature
-      uses: mongodb-labs/drivers-github-tools/gpg-sign@v2
-      with: 
-        filenames: ${{ steps.get_vars.outputs.package_file }}
-      env: 
-        RELEASE_ASSETS: ${{ steps.get_vars.outputs.package_file }}.temp.sig
-
-    - name: Name release asset correctly 
-      run: mv ${{ steps.get_vars.outputs.package_file }}.temp.sig ${{ steps.get_vars.outputs.package_file }}.sig
-      shell: bash
-
-    - name: "Upload release artifacts"
-      run: gh release upload v${{ steps.get_vars.outputs.package_version }} ${{ steps.get_vars.outputs.package_file }}.sig
-      shell: bash
-      env:
-        GH_TOKEN: ${{ github.token }}
diff --git a/.github/actions/setup/action.yml b/.github/actions/setup/action.yml
deleted file mode 100644
index ced847c..0000000
--- a/.github/actions/setup/action.yml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: Setup
-description: 'Installs node, driver dependencies, and builds source'
-
-runs:
-  using: composite
-  steps:
-    - uses: actions/setup-node@v4
-      with:
-        node-version: 'lts/*'
-        cache: 'npm'
-        registry-url: 'https://registry.npmjs.org'
-    - run: npm install -g npm@latest
-      shell: bash
-    - run: npm clean-install
-      shell: bash
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
new file mode 100644
index 0000000..3c601ae
--- /dev/null
+++ b/.github/workflows/build.yml
@@ -0,0 +1,16 @@
+on:
+  workflow_call: {}
+
+name: Build
+
+permissions:
+  contents: write
+  pull-requests: write
+  id-token: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "nothing to do."
+        shell: bash
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index a2219c4..1e82ef2 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -11,8 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-
-      - name: actions/setup
-        uses: ./.github/actions/setup
+      - name: Install Node and dependencies
+        uses: mongodb-labs/drivers-github-tools/node/setup@v2
 
       - run: npm run check:lint
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1fb6c95..eb4b3e4 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,7 +8,7 @@ permissions:
   pull-requests: write
   id-token: write
 
-name: release
+name: release-latest
 
 jobs:
   release_please:
@@ -18,96 +18,86 @@ jobs:
     steps:
       - id: release
         uses: googleapis/release-please-action@v4
+        with:
+          target-branch: main
 
-  compress_sign_and_upload:
+  build:
     needs: [release_please]
-    if: ${{ needs.release_please.outputs.release_created }}
+    name: "Perform any build or bundling steps, as necessary."
+    uses: ./.github/workflows/build.yml
+
+  ssdlc:
+    needs: [release_please, build]
+    permissions:
+      # required for all workflows
+      security-events: write
+      id-token: write
+      contents: write
     environment: release
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: actions/setup
-        uses: ./.github/actions/setup
+
+      - name: Install Node and dependencies
+        uses: mongodb-labs/drivers-github-tools/node/setup@v2
+        with:
+          ignore_install_scripts: false
+
+      - name: Load version and package info
+        uses: mongodb-labs/drivers-github-tools/node/get_version_info@v2
+        with:
+          npm_package_name: mongodb-legacy
+
       - name: actions/compress_sign_and_upload
-        uses: ./.github/actions/compress_sign_and_upload
+        uses: mongodb-labs/drivers-github-tools/node/sign_node_package@v2
         with:
           aws_role_arn: ${{ secrets.AWS_ROLE_ARN }}
-          aws_region_name: 'us-east-1'
+          aws_region_name: us-east-1
           aws_secret_id: ${{ secrets.AWS_SECRET_ID }}
-          npm_package_name: 'mongodb-legacy'
-      - run: npm publish --provenance
-        env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+          npm_package_name: mongodb-legacy
+          dry_run: ${{ needs.release_please.outputs.release_created == '' }}
 
-  generate_sarif_report:
-    environment: release
-    runs-on: ubuntu-latest
-    needs: [release_please]
-    permissions:
-      # required for all workflows
-      security-events: write
-      id-token: write
-      contents: write
+      - name: Copy sbom file to release assets
+        shell: bash
+        if: ${{ '' == '' }}
+        run: cp sbom.json ${{ env.S3_ASSETS }}/sbom.json
 
-    steps:
-      - uses: actions/checkout@v4
-      - name: Set up drivers-github-tools
-        uses: mongodb-labs/drivers-github-tools/setup@v2
+      # only used for mongodb-client-encryption
+      - name: Augment SBOM and copy to release assets
+        if: ${{ '' != '' }}
+        uses: mongodb-labs/drivers-github-tools/sbom@v2
         with:
-          aws_region_name: us-east-1
-          aws_role_arn: ${{ secrets.aws_role_arn }}
-          aws_secret_id: ${{ secrets.aws_secret_id }}
+          silk_asset_group: ''
+          sbom_file_name: sbom.json
 
-      - name: "Generate Sarif Report"
-        uses: mongodb-labs/drivers-github-tools/code-scanning-export@v2
+      - name: Generate authorized pub report
+        uses: mongodb-labs/drivers-github-tools/full-report@v2
         with:
-          ref: main
-          output-file: sarif-report.json
+          release_version: ${{ env.package_version }}
+          product_name: mongodb-legacy
+          sarif_report_target_ref: main
+          third_party_dependency_tool: n/a
+          dist_filenames: artifacts/*
+          token: ${{ github.token }}
+          sbom_file_name: sbom.json
 
-      - name: Get release version and release package file name
-        id: get_version
-        shell: bash
-        run: |
-          package_version=$(jq --raw-output '.version' package.json)
-          echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
-      - name: actions/publish_asset_to_s3
-        uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2
+      - uses: mongodb-labs/drivers-github-tools/upload-s3-assets@v2
         with:
-          version: ${{ steps.get_version.outputs.package_version }}
+          version: ${{ env.package_version }}
           product_name: mongodb-legacy
-          file: sarif-report.json
-          dry_run:  ${{ needs.release_please.outputs.release_created == '' }}
+          dry_run: ${{ needs.release_please.outputs.release_created == '' }}
 
-  upload_sbom_lite:
+  publish:
+    needs: [release_please, ssdlc, build]
     environment: release
     runs-on: ubuntu-latest
-    needs: [release_please]
-    permissions:
-      # required for all workflows
-      security-events: write
-      id-token: write
-      contents: write
-
     steps:
       - uses: actions/checkout@v4
-      - name: Set up drivers-github-tools
-        uses: mongodb-labs/drivers-github-tools/setup@v2
-        with:
-          aws_region_name: us-east-1
-          aws_role_arn: ${{ secrets.aws_role_arn }}
-          aws_secret_id: ${{ secrets.aws_secret_id }}
 
-      - name: Get release version and release package file name
-        id: get_version
-        shell: bash
-        run: |
-          package_version=$(jq --raw-output '.version' package.json)
-          echo "package_version=${package_version}" >> "$GITHUB_OUTPUT"
+      - name: Install Node and dependencies
+        uses: mongodb-labs/drivers-github-tools/node/setup@v2
 
-      - name: actions/publish_asset_to_s3
-        uses: mongodb-labs/drivers-github-tools/node/publish_asset_to_s3@v2
-        with:
-          version: ${{ steps.get_version.outputs.package_version }}
-          product_name: mongodb-legacy
-          file: sbom.json
-          dry_run:  ${{ needs.release_please.outputs.release_created == '' }}
+      - run: npm publish --provenance --tag=latest
+        if: ${{ needs.release_please.outputs.release_created }}
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
diff --git a/.github/workflows/release_notes.yml b/.github/workflows/release_notes.yml
index 54b038f..486aa5e 100644
--- a/.github/workflows/release_notes.yml
+++ b/.github/workflows/release_notes.yml
@@ -45,8 +45,8 @@ jobs:
 
 
       # Setup Node.js and npm install
-      - name: actions/setup
-        uses: ./.github/actions/setup
+      - name: Install Node and dependencies
+        uses: mongodb-labs/drivers-github-tools/node/setup@v2
 
       # See: https://github.com/googleapis/release-please/issues/1274