diff --git a/.github/modernize/assessment/reports/report-20260521063406/facts/api-service-contracts.md b/.github/modernize/assessment/reports/report-20260521063406/facts/api-service-contracts.md
new file mode 100644
index 000000000..6c6196b1e
--- /dev/null
+++ b/.github/modernize/assessment/reports/report-20260521063406/facts/api-service-contracts.md
@@ -0,0 +1,70 @@
+# API & Service Communication Contracts
+
+The application exposes a compact HTTP surface with browser-facing endpoints for gallery browsing, upload, detail navigation, image retrieval, and deletion. Communication is synchronous within a single deployable service.
+
+## Service Catalog
+
+| Service | Port | Category | Purpose |
+|---|---:|---|---|
+| photo-album (single Spring Boot module) | 8080 | Business | Serves UI pages, upload API, and image delivery endpoints |
+
+## API Endpoints Inventory
+
+| Service | Method | Path | Request Type | Response Type |
+|---|---|---|---|---|
+| photo-album (`HomeController`) | GET | `/` | No body | HTML view (`index`) |
+| photo-album (`HomeController`) | POST | `/upload` | Multipart `files[]` | JSON map with `success`, `uploadedPhotos`, `failedUploads` |
+| photo-album (`DetailController`) | GET | `/detail/{id}` | Path param `id` | HTML view (`detail`) or redirect |
+| photo-album (`DetailController`) | POST | `/detail/{id}/delete` | Path param `id` | Redirect to `/` with flash message |
+| photo-album (`PhotoFileController`) | GET | `/photo/{id}` | Path param `id` | Binary resource with media type headers or 404/500 |
+
+## Management & Observability Endpoints
+
+| Service | Endpoint | Custom Metrics (if any) |
+|---|---|---|
+| photo-album | None explicitly declared in code/config | None detected |
+
+## DTOs & Contracts
+
+API contract objects include:
+- `UploadResult` (mutable POJO): service-level upload outcome object used to represent success/failure and associated photo id.
+- `Photo` (domain entity reused in API/view model): used for response data in controllers and template rendering.
+- Upload response payload is composed as a dynamic `Map<String,Object>` with uploaded/failed item lists.
+
+No OpenAPI/Swagger, GraphQL schema, or protobuf contract files were detected. Serialization relies on Spring Boot JSON/Jackson defaults.
+
+## Communication Patterns
+
+All service communication is synchronous request/response over HTTP between browser clients and the single backend service. Controllers delegate to `PhotoServiceImpl`, which performs transactional database work through `PhotoRepository`. No async messaging, circuit breaker, retry policy, or service discovery framework is present. API availability depends on datasource readiness; if Oracle is unavailable, persistence-backed operations fail. Security posture: no explicit authentication, authorization, or TLS enforcement is configured in application code.
+
+## Service Technology Matrix
+
+| Service | Web | Data Access | Discovery | Gateway | Actuator | Cache | Metrics |
+|---|---|---|---|---|---|---|---|
+| photo-album | Spring MVC + Thymeleaf | Spring Data JPA / Hibernate / Oracle JDBC | None | None | None detected | None detected | None detected |
+
+## Service Communication Sequence
+
+```mermaid
+sequenceDiagram
+    participant User as "Browser Client"
+    participant Home as "HomeController"
+    participant Service as "PhotoServiceImpl"
+    participant Repo as "PhotoRepository"
+    participant DB as "Oracle Database"
+
+    User->>Home: POST /upload (multipart files)
+    Home->>Service: uploadPhoto(file)
+    Service->>Service: validate mime type and size
+    alt Validation passes
+        Service->>Repo: save(Photo)
+        Repo->>DB: INSERT photo metadata and BLOB
+        DB-->>Repo: persisted row
+        Repo-->>Service: saved Photo(id)
+        Service-->>Home: UploadResult success
+        Home-->>User: 200 JSON upload summary
+    else Validation fails
+        Service-->>Home: UploadResult failure
+        Home-->>User: 200 JSON with failedUploads
+    end
+```
diff --git a/.github/modernize/assessment/reports/report-20260521063406/facts/architecture-diagram.md b/.github/modernize/assessment/reports/report-20260521063406/facts/architecture-diagram.md
new file mode 100644
index 000000000..fcebd1094
--- /dev/null
+++ b/.github/modernize/assessment/reports/report-20260521063406/facts/architecture-diagram.md
@@ -0,0 +1,103 @@
+# Architecture Diagram
+
+This application is a single Spring Boot web service that serves Thymeleaf pages and REST-style upload/file endpoints for photo management backed by an Oracle database.
+
+## Application Architecture
+
+```mermaid
+flowchart TD
+    subgraph Client["Client Layer"]
+        Browser["Web Browser"]
+    end
+
+    subgraph App["Application Layer - Spring Boot 2.7"]
+        MVC["Spring MVC Controllers"]
+        Views["Thymeleaf Templates"]
+        Service["PhotoService"]
+    end
+
+    subgraph Data["Data Layer"]
+        Repo["Spring Data JPA Repository"]
+        Oracle[("Oracle Database PHOTOS table")]
+        Blob[("BLOB photo data")]
+    end
+
+    Browser -->|"GET/POST requests"| MVC
+    MVC -->|"render views"| Views
+    MVC -->|"invoke business logic"| Service
+    Service -->|"CRUD and queries"| Repo
+    Repo -->|"SQL operations"| Oracle
+    Oracle -->|"stores image bytes"| Blob
+```
+
+### Technology Stack Summary
+
+| Layer | Technology | Version | Purpose |
+|---|---|---|---|
+| Presentation | Spring MVC + Thymeleaf | Spring Boot 2.7.18 | Handles gallery UI and request routing |
+| Business | Spring Service + Validation | Spring Boot 2.7.18 | Enforces upload rules and photo lifecycle operations |
+| Data Access | Spring Data JPA + Hibernate | Spring Boot 2.7.18 | Repository abstraction and ORM integration |
+| Data Store | Oracle JDBC (`ojdbc8`) | Runtime dependency | Persistent storage for metadata and BLOB image data |
+
+### Data Storage & External Services
+
+The primary runtime datastore is Oracle, with the `PHOTOS` table storing both metadata and raw image data in a BLOB column. Test executions use H2 in-memory storage via the test profile, and there are no outbound third-party API integrations in core request flows.
+
+### Key Architectural Decisions
+
+- Stores photo binary content directly in the database (`@Lob`) instead of serving from external object storage.
+- Uses constructor injection and a thin-controller/service/repository layering to keep controller logic focused on HTTP concerns.
+- Uses environment/profile-based datasource switching (`default`/`docker` runtime vs `test` profile with H2).
+
+## Component Relationships
+
+```mermaid
+flowchart LR
+    subgraph Presentation["Presentation"]
+        HomeCtrl["HomeController"]
+        DetailCtrl["DetailController"]
+        FileCtrl["PhotoFileController"]
+    end
+
+    subgraph Business["Business Logic"]
+        PhotoSvc["PhotoServiceImpl"]
+        UploadRes["UploadResult"]
+    end
+
+    subgraph DataAccess["Data Access"]
+        PhotoRepo["PhotoRepository"]
+        PhotoEntity["Photo Entity"]
+    end
+
+    subgraph Infra["Infrastructure"]
+        Tx["Spring Transactions"]
+        Log["SLF4J Logging"]
+        OracleDB["Oracle DB"]
+    end
+
+    HomeCtrl -->|"list/upload"| PhotoSvc
+    DetailCtrl -->|"detail/delete/navigation"| PhotoSvc
+    FileCtrl -->|"fetch bytes"| PhotoSvc
+    PhotoSvc -->|"save/query/delete"| PhotoRepo
+    PhotoRepo -->|"maps rows"| PhotoEntity
+    PhotoRepo -->|"native SQL"| OracleDB
+    Tx -.->|"transaction boundary"| PhotoSvc
+    Log -.->|"cross-cutting logs"| HomeCtrl
+    Log -.->|"cross-cutting logs"| DetailCtrl
+    Log -.->|"cross-cutting logs"| FileCtrl
+```
+
+### Component Inventory
+
+| Component | Layer | Type | Responsibility |
+|---|---|---|---|
+| HomeController | Presentation | MVC Controller | Renders gallery and handles batch upload requests |
+| DetailController | Presentation | MVC Controller | Renders single photo detail and delete actions |
+| PhotoFileController | Presentation | MVC Controller | Streams image binary content for `/photo/{id}` |
+| PhotoServiceImpl | Business Logic | Service | Validates files, handles photo persistence and navigation operations |
+| UploadResult | Business Logic | DTO | Captures per-file upload outcome for API responses |
+| PhotoRepository | Data Access | Spring Data Repository | Executes CRUD and custom Oracle-native queries |
+| Photo | Data Access | JPA Entity | Represents persisted photo metadata and image BLOB |
+| Spring Transactions | Infrastructure | Framework Concern | Ensures atomic writes and consistent data operations |
+| SLF4J Logging | Infrastructure | Cross-cutting Concern | Provides operational/error tracing across controllers and service |
+```
diff --git a/.github/modernize/assessment/reports/report-20260521063406/facts/assessment-overview.md b/.github/modernize/assessment/reports/report-20260521063406/facts/assessment-overview.md
new file mode 100644
index 000000000..52367ce28
--- /dev/null
+++ b/.github/modernize/assessment/reports/report-20260521063406/facts/assessment-overview.md
@@ -0,0 +1,10 @@
+# Assessment Overview
+
+This directory contains supplementary architecture and analysis documents generated during application assessment.
+
+- [architecture-diagram.md](./architecture-diagram.md) — High-level and component-level architecture diagrams.
+- [dependency-map.md](./dependency-map.md) — External dependency inventory and compatibility observations.
+- [api-service-contracts.md](./api-service-contracts.md) — Service catalog, endpoint contracts, and communication sequence.
+- [data-architecture.md](./data-architecture.md) — Persistence model, repository methods, and data classification notes.
+- [configuration-inventory.md](./configuration-inventory.md) — Configuration sources, profiles, properties, and secrets workflow.
+- [business-workflows.md](./business-workflows.md) — Core business processes and decision logic.
diff --git a/.github/modernize/assessment/reports/report-20260521063406/facts/business-workflows.md b/.github/modernize/assessment/reports/report-20260521063406/facts/business-workflows.md
new file mode 100644
index 000000000..f0da716a4
--- /dev/null
+++ b/.github/modernize/assessment/reports/report-20260521063406/facts/business-workflows.md
@@ -0,0 +1,72 @@
+# Core Business Workflows
+
+The application enables users to upload, browse, inspect, and delete photos in a lightweight gallery experience. Core workflows focus on validating uploads and managing a photo collection lifecycle.
+
+## Domain Entities
+
+| Entity | Service / Bounded Context | Description | Key Relationships |
+|---|---|---|---|
+| Photo | Photo Management | Canonical record for stored image content and metadata | Used by upload, gallery listing, detail viewing, and deletion workflows |
+| UploadResult | Photo Management | Operation result object for per-file upload outcomes | Produced by upload workflow and aggregated into response payload |
+
+## Service-to-Domain Mapping
+
+| Service | Domain Context | Owned Entities | External Dependencies |
+|---|---|---|---|
+| photo-album | Photo Management | `Photo`, `UploadResult` | Oracle database via repository layer |
+
+## Primary Workflows
+
+### Workflow 1: Upload Photos to Gallery
+
+Entry point: `POST /upload`
+1. User selects one or more files and submits upload.
+2. Service validates MIME type, file size, and non-empty content.
+3. Service extracts image dimensions and prepares persisted `Photo` entity.
+4. Repository saves metadata and binary content.
+5. Response aggregates successful and failed files for user feedback.
+
+### Workflow 2: Browse, View Detail, and Delete
+
+Entry points: `GET /`, `GET /detail/{id}`, `POST /detail/{id}/delete`, `GET /photo/{id}`
+1. Gallery page requests photo list sorted by newest uploads.
+2. Detail page resolves specific photo plus previous/next navigation candidates.
+3. Binary endpoint streams image bytes for rendering.
+4. Delete action removes selected photo and returns to gallery with status message.
+
+## Cross-Service Data Flows
+
+No cross-service composition is present. All workflow data is owned and served by a single service and one backing datastore, so business responses are assembled internally without downstream service joins or fallback routing.
+
+## Business Workflow Sequence
+
+```mermaid
+sequenceDiagram
+    participant User as "Gallery User"
+    participant UI as "HomeController"
+    participant Service as "PhotoServiceImpl"
+    participant Repo as "PhotoRepository"
+    participant DB as "Oracle Database"
+
+    User->>UI: Submit photo upload request
+    UI->>Service: Process uploaded files
+    Service->>Service: Validate file type and size rules
+    alt File valid
+        Service->>Repo: Save photo record
+        Repo->>DB: Persist metadata and image content
+        DB-->>Repo: Save successful
+        Repo-->>Service: Persisted photo id
+    else File invalid
+        Service-->>Service: Mark upload as failed
+    end
+    Service-->>UI: Return upload summary
+    UI-->>User: Show success/failure results in gallery
+```
+
+## Business Rules & Decision Logic
+
+- Uploads must be image MIME types from an allowed list and within configured maximum size.
+- Empty files are rejected before persistence.
+- Navigation logic selects previous/next photos based on upload timestamp ordering.
+- Deletion only succeeds when the target photo exists; otherwise user receives not-found feedback.
+- Transaction boundary is at service layer (`@Transactional`) to keep write operations consistent.
diff --git a/.github/modernize/assessment/reports/report-20260521063406/facts/configuration-inventory.md b/.github/modernize/assessment/reports/report-20260521063406/facts/configuration-inventory.md
new file mode 100644
index 000000000..8f02b3837
--- /dev/null
+++ b/.github/modernize/assessment/reports/report-20260521063406/facts/configuration-inventory.md
@@ -0,0 +1,85 @@
+# Configuration & Externalized Settings Inventory
+
+Configuration is primarily file-based with Spring properties for server, datasource, JPA, upload limits, and logging. Runtime behavior switches mainly through Spring profiles (`default`, `docker`, and `test`) and container environment overrides.
+
+## Configuration Sources
+
+| Source | Type | Path/Location | Notes |
+|---|---|---|---|
+| Main Spring properties | Application config | `src/main/resources/application.properties` | Base server, datasource, JPA, upload, logging settings |
+| Docker profile properties | Application config | `src/main/resources/application-docker.properties` | Overrides for containerized runtime profile |
+| Test profile properties | Test config | `src/test/resources/application-test.properties` | H2 in-memory datasource for tests |
+| Docker Compose service env | Container runtime config | `docker-compose.yml` | Injects active profile and datasource credentials |
+| Docker image runtime options | Container startup config | `Dockerfile` | Defines `JAVA_OPTS` and jar startup command |
+| Azure setup env output | Provisioning config artifact | `.env` (generated by `azure-setup.ps1`) | Script writes resource and DB environment values |
+
+## Build Profiles
+
+| Profile | Activation | Purpose | Key Dependencies/Plugins |
+|---|---|---|---|
+| Maven default build | Standard `mvn` lifecycle | Build/packaging Spring Boot application jar | `spring-boot-maven-plugin` |
+
+## Runtime Profiles
+
+| Profile | Activation Method | Config Files | Key Overrides |
+|---|---|---|---|
+| default | No explicit profile variable | `application.properties` | Oracle datasource, debug-level app logging |
+| docker | `SPRING_PROFILES_ACTIVE=docker` | `application.properties` + `application-docker.properties` | Docker-specific Oracle URL and adjusted logging levels |
+| test | `@ActiveProfiles("test")` in tests | `application-test.properties` | H2 datasource and non-SQL logging for tests |
+
+## Properties Inventory
+
+| Property Key | Default | Profiles | Source |
+|---|---|---|---|
+| `server.port` | `8080` | default, docker | application properties files |
+| `spring.datasource.url` | Oracle JDBC URL | default, docker, test override | application / docker / test properties |
+| `spring.datasource.username` | `photoalbum` (runtime), `sa` (test) | default, docker, test | application / docker / test properties |
+| `spring.datasource.password` | configured (runtime), blank (test) | default, docker, test | application / docker / test properties |
+| `spring.jpa.hibernate.ddl-auto` | `create` (`create-drop` in test) | default, docker, test | application / docker / test properties |
+| `spring.servlet.multipart.max-file-size` | `10MB` | default, docker | application properties files |
+| `spring.servlet.multipart.max-request-size` | `50MB` | default, docker | application properties files |
+| `app.file-upload.max-file-size-bytes` | `10485760` | default, docker, test | application / docker / test properties |
+| `app.file-upload.allowed-mime-types` | jpeg/png/gif/webp list | default, docker, test | application / docker / test properties |
+| `logging.level.com.photoalbum` | DEBUG/INFO by profile | default, docker, test | application / docker / test properties |
+
+## Startup Parameters & Resource Requirements
+
+| Service | JVM/Runtime Options | Memory | Instance Count |
+|---|---|---|---|
+| photo-album container | `java $JAVA_OPTS -jar app.jar` | `JAVA_OPTS="-Xmx512m -Xms256m"` in Dockerfile | 1 instance in docker-compose |
+| oracle-db container | Oracle image defaults | Not explicitly constrained in compose | 1 instance in docker-compose |
+
+## Startup Dependency Chain
+
+1. `oracle-db` starts first and must pass container health check.
+2. `photoalbum-java-app` starts after `oracle-db` is healthy (`depends_on` with `condition: service_healthy`).
+3. Application handles requests after datasource initialization succeeds.
+
+## Secrets & Sensitive Configuration
+
+| Secret Reference | Type | Storage (masked) |
+|---|---|---|
+| `spring.datasource.password` | Database credential | Application property / environment variable (`[MASKED]`) |
+| `ORACLE_PASSWORD`, `APP_USER_PASSWORD` | Container DB credential | `docker-compose.yml` environment (`[MASKED]`) |
+| `POSTGRES_PASSWORD` (script-generated) | Provisioning credential | `.env` output from setup script (`[MASKED]`) |
+
+### Secrets Provisioning Workflow
+
+Secrets are provided through local configuration files and environment variables. In local/container flows, docker-compose injects DB credentials directly to Oracle and the app service; in scripted Azure setup, credentials are generated/set and written to `.env` for subsequent use by tooling and deployment steps. No managed identity or external secret manager integration is declared in this repository.
+
+## Feature Flags
+
+| Flag Name | Default | Controlled By |
+|---|---|---|
+| None detected | N/A | N/A |
+
+## Framework & Runtime Versions
+
+| Component | Version | Source |
+|---|---|---|
+| Spring Boot | 2.7.18 | `pom.xml` parent |
+| Java target | 8 | `pom.xml` properties and Docker base image |
+| Maven (build image) | 3.9.6 | `Dockerfile` build stage |
+| Oracle JDBC driver | `ojdbc8` | `pom.xml` dependency |
+| Container JRE | Eclipse Temurin 8 JRE | `Dockerfile` runtime stage |
+| Oracle container DB | `gvenzl/oracle-free:latest` | `docker-compose.yml` |
diff --git a/.github/modernize/assessment/reports/report-20260521063406/facts/data-architecture.md b/.github/modernize/assessment/reports/report-20260521063406/facts/data-architecture.md
new file mode 100644
index 000000000..b1b3e851b
--- /dev/null
+++ b/.github/modernize/assessment/reports/report-20260521063406/facts/data-architecture.md
@@ -0,0 +1,61 @@
+# Data Architecture & Persistence Layer
+
+The data layer centers on a single relational model for photo metadata and binary image content using JPA/Hibernate. Runtime persistence uses Oracle, while tests use an in-memory H2 profile.
+
+## Database Configuration
+
+| Service/Module | DB Type | Profile | Driver | Connection | Migration Tool |
+|---|---|---|---|---|---|
+| photo-album | Oracle | default | Oracle JDBC | Oracle service host and port in datasource URL | None detected |
+| photo-album | Oracle | docker | Oracle JDBC | Containerized Oracle endpoint in datasource URL | None detected |
+| photo-album (tests) | H2 in-memory | test | H2 Driver | In-memory JDBC URL | None detected |
+
+## Data Ownership per Service
+
+| Service | Tables Owned | ORM Framework | Caching | Notes |
+|---|---|---|---|---|
+| photo-album | `PHOTOS` | Spring Data JPA / Hibernate | None detected | Stores both metadata and image BLOB in one table |
+
+## Entity Model
+
+```mermaid
+erDiagram
+    PHOTO {
+        string id PK
+        string originalFileName
+        bytes photoData
+        string storedFileName
+        string filePath
+        long fileSize
+        string mimeType
+        datetime uploadedAt
+        int width
+        int height
+    }
+```
+
+## Key Repository Methods
+
+| Service | Repository | Notable Methods | Purpose |
+|---|---|---|---|
+| photo-album | `PhotoRepository` (`src/main/java/com/photoalbum/repository/PhotoRepository.java`) | `findAllOrderByUploadedAtDesc()` | Returns gallery list newest first |
+| photo-album | `PhotoRepository` | `findPhotosUploadedBefore(LocalDateTime)` | Fetches older photos for previous navigation |
+| photo-album | `PhotoRepository` | `findPhotosUploadedAfter(LocalDateTime)` | Fetches newer photos for next navigation |
+| photo-album | `PhotoRepository` | `findPhotosByUploadMonth(String,String)` | Oracle-specific month filtering |
+| photo-album | `PhotoRepository` | `findPhotosWithPagination(int,int)` | Oracle `ROWNUM` pagination window |
+| photo-album | `PhotoRepository` | `findPhotosWithStatistics()` | Uses analytic functions for ranking and running totals |
+
+## Caching Strategy
+
+No explicit cache provider or Spring cache annotations were found. Reads and writes are executed directly through repository/database access within transactional service methods.
+
+## Data Ownership Boundaries
+
+The application uses a shared single-database and single-service topology: one service both owns and accesses all persisted photo data. There is no cross-service data access pattern, CQRS split, or inter-service aggregation at the data layer.
+
+### Data Classification & Sensitivity
+
+| Entity | Sensitive Fields | Classification (PII/PHI/PCI/None) | Controls in Place |
+|---|---|---|---|
+| `Photo` | `originalFileName` (may contain user-identifying text), `photoData` (image content may include personal data) | PII (potential) | No explicit encryption-at-rest, masking, or field-level access control configured in code |
+| `Photo` | No payment or medical attributes detected | None for PCI/PHI | N/A |
diff --git a/.github/modernize/assessment/reports/report-20260521063406/facts/dependency-map.md b/.github/modernize/assessment/reports/report-20260521063406/facts/dependency-map.md
new file mode 100644
index 000000000..107743232
--- /dev/null
+++ b/.github/modernize/assessment/reports/report-20260521063406/facts/dependency-map.md
@@ -0,0 +1,72 @@
+# Dependency Map
+
+Photo Album declares 8 non-test dependencies and 2 test-scope dependencies in a single Maven module.
+
+## Dependencies
+
+```mermaid
+flowchart LR
+    App["Photo Album"]
+    Parent["spring-boot-starter-parent 2.7.18"]
+
+    subgraph Web["Web Frameworks"]
+        WebStarter["spring-boot-starter-web"]
+        Thymeleaf["spring-boot-starter-thymeleaf"]
+    end
+
+    subgraph DB["Database / ORM"]
+        Jpa["spring-boot-starter-data-jpa"]
+        Ojdbc["ojdbc8 runtime"]
+    end
+
+    subgraph Sec["Security"]
+        Validation["spring-boot-starter-validation"]
+    end
+
+    subgraph Util["Utilities"]
+        CommonsIo["commons-io 2.11.0"]
+        Json["spring-boot-starter-json"]
+        Devtools["spring-boot-devtools optional"]
+    end
+
+    App -->|"managed by"| Parent
+    App -->|"web"| Web
+    App -->|"persistence"| DB
+    App -->|"validation"| Sec
+    App -->|"utilities"| Util
+    Parent -.->|"version management"| WebStarter
+    Parent -.->|"version management"| Thymeleaf
+    Parent -.->|"version management"| Jpa
+    Parent -.->|"version management"| Validation
+    Parent -.->|"version management"| Json
+    Parent -.->|"version management"| Devtools
+```
+
+### Dependency Summary
+
+| Category | Count | Key Libraries | Notes |
+|---|---:|---|---|
+| Web Frameworks | 2 | `spring-boot-starter-web`, `spring-boot-starter-thymeleaf` | Server-rendered MVC application |
+| Database / ORM | 2 | `spring-boot-starter-data-jpa`, `ojdbc8` | JPA/Hibernate with Oracle runtime driver |
+| Security | 1 | `spring-boot-starter-validation` | Bean validation for upload constraints |
+| Utilities | 3 | `commons-io`, `spring-boot-starter-json`, `spring-boot-devtools` | JSON support, file IO helper, local dev hot reload |
+
+### Version & Compatibility Risks
+
+The project targets Java 8 and Spring Boot 2.7.x, both of which are older baselines for modernization. Oracle-specific native SQL in repositories and reliance on `ojdbc8` can increase migration effort if moving to another database engine or newer framework stack.
+
+### Notable Observations
+
+- Dependency versions are mostly managed by the Spring Boot parent BOM, reducing manual version drift risk.
+- The runtime DB dependency is Oracle-specific, and several repository queries use Oracle syntax (`ROWNUM`, `NVL`, `TO_CHAR`).
+- No dedicated observability or messaging libraries are declared; the system is a synchronous, single-service web app.
+
+## Test Dependencies
+
+| Framework | Version | Notes |
+|---|---|---|
+| spring-boot-starter-test | Managed by Spring Boot 2.7.18 | Includes JUnit 5 and Spring test support |
+| h2 | Managed by Spring Boot 2.7.18 | In-memory database used by `test` profile |
+
+Total test-scope dependencies: 2
+The test stack is minimal but sufficient for context-load and repository-backed integration testing with an embedded DB.
diff --git a/.github/modernize/assessment/reports/report-20260521063406/report.html b/.github/modernize/assessment/reports/report-20260521063406/report.html
new file mode 100644
index 000000000..231609c68
--- /dev/null
+++ b/.github/modernize/assessment/reports/report-20260521063406/report.html
@@ -0,0 +1,1312 @@
+<!DOCTYPE html>
+<html><head><meta charset="utf-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1" />
+<title>Assessment - photo-album</title>
+<style>
+:root {
+  --bg-primary: #ffffff;
+  --bg-card: #f8f9fa;
+  --bg-page: #f0f1f3;
+  --text-primary: #24292f;
+  --text-secondary: #57606a;
+  --text-muted: #6b7280;
+  --border-color: #d0d7de;
+  --border-light: #e1e4e8;
+  --link-color: #2563eb;
+  --color-mandatory: #E3008C;
+  --color-potential: #637CEF;
+  --color-optional: #A19F9D;
+  --font-family: 'Segoe UI', -apple-system, BlinkMacSystemFont, Arial, sans-serif;
+  --font-mono: 'Cascadia Code', 'Consolas', 'Courier New', monospace;
+}
+* { box-sizing: border-box; margin: 0; padding: 0; }
+body { font-family: var(--font-family); font-size: 13px; color: var(--text-primary); background: var(--bg-primary); line-height: 1.5; margin: 0; padding: 0; }
+a { color: var(--link-color); text-decoration: none; }
+a:hover { text-decoration: underline; }
+
+/* ── Page layout ───────────────────────────────────────────── */
+.main { margin: 0; padding: 24px 32px; background: var(--bg-primary); }
+.back-link { color: var(--text-muted); font-size: 13px; margin-bottom: 16px; display: block; }
+h1 { font-weight: 600; font-size: 20px; color: var(--text-primary); margin-bottom: 20px; }
+
+/* ── Report cards (matches VS Code .vscode-report-card) ──── */
+.report-card { background: var(--bg-card); border: 1px solid var(--border-light); border-radius: 4px; padding: 12px; margin-bottom: 20px; }
+.report-card h2 { font-size: 14px; font-weight: 600; margin: 0; color: var(--text-primary); }
+.report-card-body { margin-top: 16px; }
+
+/* ── Application Information (two-column) ────────────────── */
+.app-info-container { display: flex; gap: 8px; flex-wrap: wrap; }
+.app-info-column { flex: 1; min-width: 200px; display: flex; flex-direction: column; gap: 8px; }
+.app-info-row { display: flex; align-items: baseline; }
+.app-info-label { width: 136px; flex-shrink: 0; font-weight: 600; color: var(--text-primary); }
+.app-info-value { flex: 1; color: var(--text-primary); }
+
+/* ── Issue Summary (pie charts + legend) ─────────────────── */
+.cards-container { display: flex; align-items: stretch; gap: 20px; flex-wrap: wrap; }
+.issue-summary-card { flex: 2; }
+.domain-summary-container { display: flex; flex-wrap: wrap; gap: 20px; justify-content: space-around; }
+.domain-summary-item { flex: 1; min-width: 120px; text-align: center; padding: 0 16px; border-right: 1px solid var(--border-light); }
+.domain-summary-item:last-child { border-right: none; }
+.domain-summary-item h3 { font-size: 13px; font-weight: 600; color: var(--text-primary); margin-top: 8px; }
+.domain-summary-item .count { font-size: 12px; color: var(--text-secondary); }
+.criticality-legend { display: flex; flex-wrap: wrap; gap: 15px; padding-top: 12px; justify-content: center; }
+.criticality-legend .legend-item { display: flex; align-items: center; gap: 4px; font-size: 12px; color: var(--text-secondary); }
+.legend-swatch { display: inline-block; width: 1em; height: 1em; border-radius: 2px; }
+
+/* ── Issue list tables ───────────────────────────────────── */
+.issue-section { margin-top: 20px; }
+.issue-section h2 { font-size: 14px; font-weight: 600; margin-bottom: 8px; }
+.issue-table { width: 100%; border-collapse: collapse; table-layout: fixed; min-width: 600px; }
+.issue-table th { text-align: left; text-transform: uppercase; font-weight: 600; font-size: calc(13px * 0.875); padding: 6px 8px; background: var(--bg-card); border-bottom: 1px solid var(--border-color); color: var(--text-secondary); position: sticky; top: 0; z-index: 1; }
+.issue-table td { padding: 12px 8px; border-bottom: 1px solid var(--border-light); overflow: hidden; text-overflow: ellipsis; white-space: nowrap; vertical-align: middle; }
+.col-issue { width: 55%; }
+.col-criticality { width: 25%; }
+.col-storypoint { width: 20%; }
+
+/* ── Target dropdown ─────────────────────────────────────── */
+.target-select-container { margin: 4px 0 16px 0; display: flex; align-items: center; gap: 8px; }
+.target-select-container label { font-weight: 600; color: var(--text-primary); font-size: 14px; }
+.target-select-container select { font-family: var(--font-family); font-size: 13px; padding: 4px 8px; border: 1px solid var(--border-color); border-radius: 4px; background: var(--bg-primary); color: var(--text-primary); cursor: pointer; }
+
+/* ── Filter bar ──────────────────────────────────────────── */
+.filter-bar { display: flex; flex-wrap: wrap; gap: 16px; margin: 16px 0 8px 0; align-items: center; }
+.multi-select { position: relative; display: inline-block; min-width: 140px; }
+.multi-select-btn { font-family: var(--font-family); font-size: 13px; padding: 4px 24px 4px 8px; border: 1px solid var(--border-color); border-radius: 4px; background: var(--bg-primary); color: var(--text-primary); cursor: pointer; width: 100%; text-align: left; position: relative; white-space: nowrap; }
+.multi-select-btn::after { content: '\25BE'; position: absolute; right: 8px; top: 50%; transform: translateY(-50%); font-size: 11px; color: var(--text-secondary); }
+.multi-select-dropdown { display: none; position: absolute; top: 100%; left: 0; min-width: 100%; background: var(--bg-primary); border: 1px solid var(--border-color); border-radius: 4px; box-shadow: 0 4px 12px rgba(0,0,0,0.1); z-index: 100; margin-top: 2px; }
+.multi-select.open .multi-select-dropdown { display: block; }
+.multi-select-option { display: flex; align-items: center; gap: 6px; padding: 5px 10px; cursor: pointer; font-size: 13px; white-space: nowrap; }
+.multi-select-option:hover { background: var(--bg-secondary); }
+.multi-select-option input[type=checkbox] { margin: 0; cursor: pointer; }
+.clear-filters { font-size: 12px; color: var(--link-color); cursor: pointer; margin-left: 4px; }
+
+/* ── Criticality labels (colored square + text) ──────────── */
+.crit-label { display: inline-flex; align-items: center; gap: 6px; font-size: 12px; white-space: nowrap; }
+.crit-square { display: inline-block; width: 10px; height: 10px; border-radius: 2px; flex-shrink: 0; }
+.crit-square-mandatory { background: var(--color-mandatory); }
+.crit-square-potential { background: var(--color-potential); }
+.crit-square-optional { background: var(--color-optional); }
+
+/* ── Expandable rows ─────────────────────────────────────── */
+.expand-btn { background: none; border: none; cursor: pointer; width: 20px; height: 20px; display: inline-flex; align-items: center; justify-content: center; color: var(--text-muted); font-size: 11px; transition: transform 0.15s; padding: 0; vertical-align: middle; flex-shrink: 0; }
+.expand-btn.open { transform: rotate(90deg); }
+.issue-title-cell { display: flex; align-items: center; gap: 4px; }
+.detail-row td { padding: 0; border-bottom: 1px solid var(--border-light); white-space: normal; overflow: visible; text-overflow: clip; }
+.detail-content { display: flex; gap: 0; padding: 8px 8px 8px 32px; min-width: 0; }
+.file-list { flex: 0 0 50%; min-width: 0; overflow: hidden; }
+.file-list table { width: 100%; border-collapse: collapse; }
+.file-list th { font-size: calc(13px * 0.875); text-transform: uppercase; font-weight: 600; color: var(--text-secondary); padding: 6px 8px; border-bottom: 1px solid var(--border-color); text-align: left; height: 32px; }
+.file-list td { font-size: 13px; padding: 6px 8px; border-bottom: 1px solid var(--border-light); color: var(--text-primary); }
+.file-list .file-path { overflow: hidden; text-overflow: ellipsis; white-space: nowrap; max-width: 300px; display: block; }
+.file-list .position { font-family: var(--font-mono); font-size: 12px; color: var(--text-secondary); }
+.explanation-panel { flex: 1; padding-left: 16px; min-width: 0; overflow-wrap: break-word; word-wrap: break-word; }
+.explanation-panel h4 { font-size: calc(13px * 0.875); text-transform: uppercase; font-weight: 600; color: var(--text-secondary); padding: 6px 0; border-bottom: 1px solid var(--border-color); height: 32px; margin: 0; }
+.explanation-panel p { font-size: 13px; padding: 8px 0; color: var(--text-primary); line-height: 1.6; white-space: normal; word-break: break-word; }
+
+/* ── Experimental badge ──────────────────────────────────── */
+.badge-experimental { display: inline-block; padding: 2px 8px; border-radius: 4px; font-size: 11px; font-weight: 600; background: #fef9c3; color: #854d0e; vertical-align: middle; margin-left: 8px; cursor: default; }
+
+/* ── Footer ──────────────────────────────────────────────── */
+.footer { text-align: center; margin-top: 24px; color: var(--text-muted); font-size: 13px; }
+
+/* ── Responsive ──────────────────────────────────────────── */
+@media (max-width: 800px) {
+  .main { padding: 16px; }
+  .app-info-container { flex-direction: column; }
+  .domain-summary-container { flex-direction: column; }
+  .domain-summary-item { border-right: none; border-bottom: 1px solid var(--border-light); padding-bottom: 12px; }
+  .detail-content { flex-direction: column; }
+  .file-list { flex: none; width: 100%; }
+  .explanation-panel { padding-left: 0; padding-top: 8px; }
+}
+/* ── Tab navigation ──────────────────────────────────────── */
+.tab-nav { display: flex; gap: 0; border-bottom: 1px solid var(--border-color); margin-bottom: 28px; flex-wrap: wrap; }
+.tab-btn { background: none; border: none; border-bottom: 2px solid transparent; padding: 10px 18px; font-size: 13px; font-family: var(--font-family); color: var(--text-secondary); cursor: pointer; margin-bottom: -1px; white-space: nowrap; position: relative; }
+.tab-btn:hover { color: var(--text-primary); }
+.tab-btn.active { color: var(--link-color); border-bottom-color: var(--link-color); font-weight: 600; }
+.tab-panel { display: none; }
+.tab-panel.active { display: block; }
+
+/* ── Tooltip on tab ──────────────────────────────────────── */
+.tab-btn[data-tooltip]::after { content: attr(data-tooltip); position: absolute; bottom: calc(100% + 8px); left: 50%; transform: translateX(-50%); background: #24292f; color: #ffffff; font-size: 12px; font-weight: 400; padding: 6px 10px; border-radius: 4px; white-space: normal; width: max-content; max-width: 260px; text-align: center; pointer-events: none; opacity: 0; transition: opacity 0.15s; z-index: 100; }
+.tab-btn[data-tooltip]:hover::after { opacity: 1; }
+
+/* ── Fact content — prose column ─────────────────────────── */
+.fact-content { max-width: 860px; margin: 0 auto; line-height: 1.75; color: var(--text-primary); font-size: 14px; }
+.fact-content h1 { font-size: 22px; font-weight: 700; margin: 0 0 6px 0; color: var(--text-primary); letter-spacing: -0.01em; }
+.fact-content h1 + p { margin-top: 6px; color: var(--text-secondary); font-size: 14px; margin-bottom: 24px; }
+.fact-content h2 { font-size: 17px; font-weight: 700; margin: 36px 0 12px 0; padding-bottom: 6px; border-bottom: 1px solid var(--border-color); color: var(--text-primary); letter-spacing: -0.01em; }
+.fact-content h3 { font-size: 14px; font-weight: 700; margin: 24px 0 8px 0; color: var(--text-primary); text-transform: uppercase; letter-spacing: 0.04em; font-size: 12px; color: var(--text-secondary); }
+.fact-content p { margin: 10px 0; color: var(--text-primary); }
+.fact-content ul, .fact-content ol { margin: 10px 0 10px 22px; }
+.fact-content li { margin: 5px 0; }
+.fact-content a { color: var(--link-color); }
+.fact-content a:hover { text-decoration: underline; }
+
+/* ── Fact tables ─────────────────────────────────────────── */
+.table-wrap { overflow-x: auto; margin: 16px 0; }
+.fact-content table { border-collapse: collapse; width: 100%; margin: 16px 0; font-size: 13px; border-radius: 6px; overflow: hidden; border: 1px solid var(--border-color); }
+.fact-content thead { background: var(--bg-card); }
+.fact-content th { text-align: left; font-weight: 600; font-size: 12px; text-transform: uppercase; letter-spacing: 0.04em; padding: 8px 14px; border-bottom: 1px solid var(--border-color); color: var(--text-secondary); }
+.fact-content td { padding: 9px 14px; border-bottom: 1px solid var(--border-light); vertical-align: top; color: var(--text-primary); }
+.fact-content tr:last-child td { border-bottom: none; }
+.fact-content tbody tr:hover { background: #f6f8fa; }
+
+/* ── Fact code ───────────────────────────────────────────── */
+.fact-content code { font-family: var(--font-mono); font-size: 12px; background: #f0f1f3; padding: 2px 6px; border-radius: 4px; color: #c7254e; }
+.fact-content pre { background: #f6f8fa; border: 1px solid var(--border-light); border-radius: 6px; padding: 14px 16px; overflow-x: auto; margin: 14px 0; }
+.fact-content pre code { background: none; color: var(--text-primary); padding: 0; border-radius: 0; }
+.fact-content hr { border: none; border-top: 1px solid var(--border-light); margin: 28px 0; }
+.fact-content strong { font-weight: 600; }
+.fact-content em { font-style: italic; }
+.fact-content blockquote { border-left: 3px solid var(--border-color); margin: 12px 0; padding: 4px 16px; color: var(--text-secondary); }
+.fact-unavailable { padding: 32px 0; }
+.fact-unavailable h3 { font-size: 16px; font-weight: 600; color: var(--text-primary); text-transform: none; letter-spacing: 0; margin: 0 0 12px 0; }
+.fact-unavailable p { margin: 0 0 8px 0; color: var(--text-secondary); }
+.fact-unavailable ol, .fact-unavailable ul { margin: 0 0 0 22px; color: var(--text-primary); }
+.fact-unavailable li { margin: 6px 0; }
+
+/* ── Mermaid diagram card ─────────────────────────────────── */
+.mermaid { background: var(--bg-card); border: 1px solid var(--border-light); border-radius: 8px; padding: 24px 16px; margin: 20px 0; overflow-x: auto; text-align: center; cursor: pointer; position: relative; }
+.mermaid:hover { border-color: var(--border-color); }
+.mermaid svg { max-width: 100%; height: auto !important; display: inline-block; }
+.mermaid-zoom-hint { position: absolute; top: 8px; right: 10px; font-size: 11px; color: var(--text-muted); opacity: 0; transition: opacity 0.15s; pointer-events: none; }
+.mermaid:hover .mermaid-zoom-hint { opacity: 1; }
+
+/* ── Diagram lightbox ────────────────────────────────────── */
+.diagram-lightbox { display: none; position: fixed; inset: 0; z-index: 1000; background: rgba(0,0,0,0.7); backdrop-filter: blur(2px); align-items: center; justify-content: center; cursor: zoom-out; padding: 48px 32px; }
+.diagram-lightbox.open { display: flex; }
+.diagram-lightbox-inner { background: #ffffff; border-radius: 10px; padding: 32px; width: 88vw; max-height: 88vh; overflow: hidden; cursor: default; box-shadow: 0 24px 64px rgba(0,0,0,0.35); display: flex; align-items: center; justify-content: center; }
+.diagram-lightbox-inner svg { width: 100% !important; height: auto !important; max-height: 76vh; display: block; }
+.diagram-lightbox-close { position: fixed; top: 20px; right: 24px; background: #ffffff; border: none; border-radius: 50%; width: 36px; height: 36px; font-size: 18px; cursor: pointer; display: flex; align-items: center; justify-content: center; color: var(--text-primary); box-shadow: 0 2px 8px rgba(0,0,0,0.2); z-index: 1001; }
+.diagram-lightbox-close:hover { background: var(--bg-card); }
+.diagram-lightbox-hint { position: fixed; bottom: 20px; left: 50%; transform: translateX(-50%); background: rgba(0,0,0,0.55); color: #ffffff; font-size: 12px; padding: 6px 14px; border-radius: 20px; pointer-events: none; white-space: nowrap; z-index: 1001; }
+</style>
+<script>
+window.__mermaidPending = [];
+window.__mermaidReady = false;
+window.__renderMermaidIn = function(container) {
+  if (container) { window.__mermaidPending.push(container); }
+};
+</script>
+<script type="module">
+import mermaid from 'https://cdn.jsdelivr.net/npm/mermaid@11/dist/mermaid.esm.min.mjs';
+mermaid.initialize({ startOnLoad: false, theme: 'default', flowchart: { useMaxWidth: true }, sequence: { useMaxWidth: true } });
+
+window.__renderMermaidIn = function(container) {
+  var nodes = container ? container.querySelectorAll('.mermaid:not([data-processed])') : [];
+  if (nodes.length > 0) {
+    mermaid.run({ nodes: Array.from(nodes) }).then(function() {
+      nodes.forEach(function(node) {
+        if (!node.querySelector('.mermaid-zoom-hint')) {
+          var hint = document.createElement('span');
+          hint.className = 'mermaid-zoom-hint';
+          hint.textContent = 'Click to expand';
+          node.appendChild(hint);
+        }
+      });
+    });
+  }
+};
+
+var drained = new Set();
+(window.__mermaidPending || []).forEach(function(c) {
+  if (!drained.has(c)) { drained.add(c); window.__renderMermaidIn(c); }
+});
+window.__mermaidPending = [];
+window.__mermaidReady = true;
+
+function renderActivePanels() {
+  document.querySelectorAll('.tab-panel.active').forEach(function(p) {
+    if (!drained.has(p)) { drained.add(p); window.__renderMermaidIn(p); }
+  });
+}
+if (document.readyState === 'loading') {
+  document.addEventListener('DOMContentLoaded', renderActivePanels);
+} else {
+  renderActivePanels();
+}
+</script>
+</head><body>
+<div id="diagram-lightbox" class="diagram-lightbox" role="dialog" aria-modal="true">
+  <button class="diagram-lightbox-close" id="diagram-lightbox-close" aria-label="Close">&#x2715;</button>
+  <div class="diagram-lightbox-hint">Scroll to zoom &nbsp;&middot;&nbsp; Drag to pan &nbsp;&middot;&nbsp; Double-click to reset</div>
+  <div class="diagram-lightbox-inner" id="diagram-lightbox-inner"></div>
+</div>
+<div class="main">
+<h1>photo-album</h1>
+<div class="report-card">
+  <h2>Application Information</h2>
+  <div class="report-card-body">
+    <div class="app-info-container">
+      <div class="app-info-column">
+        <div class="app-info-row"><span class="app-info-label">Application Name</span><span class="app-info-value">photo-album</span></div>
+        <div class="app-info-row"><span class="app-info-label">Java Version</span><span class="app-info-value">1.8</span></div>
+        <div class="app-info-row"><span class="app-info-label">Effort</span><span class="app-info-value" id="effort-display">L (total story points: 51)</span></div>
+      </div>
+      <div class="app-info-column">
+        <div class="app-info-row"><span class="app-info-label">Build Tools</span><span class="app-info-value">Maven</span></div>
+        <div class="app-info-row"><span class="app-info-label">Frameworks</span><span class="app-info-value">Spring Boot, Spring</span></div>
+      </div>
+    </div>
+  </div>
+</div>
+<nav class="tab-nav">
+  <button class="tab-btn active" data-tab="tab-issues" data-tooltip="Issues detected in the source code">Issues</button>
+  <button class="tab-btn" data-tab="tab-arch" data-tooltip="How the app&#x27;s layers connect — from UI to data.">Architecture</button>
+  <button class="tab-btn" data-tab="tab-api" data-tooltip="Endpoints exposed by this app and how services communicate.">API Contracts</button>
+  <button class="tab-btn" data-tab="tab-config" data-tooltip="Environment settings, runtime profiles, and deployment manifests.">Configuration</button>
+  <button class="tab-btn" data-tab="tab-workflows" data-tooltip="Domain entities and the core flows users move through.">Business Workflows</button>
+  <button class="tab-btn" data-tab="tab-deps" data-tooltip="Libraries and frameworks this app depends on, grouped by category.">Dependencies</button>
+  <button class="tab-btn" data-tab="tab-data" data-tooltip="Database schema, entity relationships, and persistence behavior.">Data Model</button>
+</nav>
+<div id="tab-issues" class="tab-panel active">
+<div class="target-select-container">
+  <label for="target-select">Target Compute Service:</label>
+  <select id="target-select" onchange="onTargetChange(this.value)">
+    <option value="azure-container-apps">Azure Container Apps</option>
+    <option value="azure-aks">Azure Kubernetes Service</option>
+    <option value="azure-appservice">Azure App Service</option>
+  </select>
+</div>
+<div class="report-card">
+  <h2>Issue Summary</h2>
+  <div class="report-card-body">
+    <div class="domain-summary-container" id="donut-container">
+      <div class="domain-summary-item">
+<svg viewBox="0 0 100 100" width="100" height="100" style="display:block;margin:0 auto;transform:rotate(-90deg);">
+  <circle cx="50" cy="50" r="35" fill="none" stroke="var(--color-potential)" stroke-width="15" stroke-dasharray="219.91 219.91" stroke-dashoffset="-0.00"/>
+</svg>
+
+        <h3>Cloud Readiness</h3>
+        <div class="count">5 issues</div>
+      </div>
+      <div class="domain-summary-item">
+<svg viewBox="0 0 100 100" width="100" height="100" style="display:block;margin:0 auto;transform:rotate(-90deg);">
+  <circle cx="50" cy="50" r="35" fill="none" stroke="var(--color-mandatory)" stroke-width="15" stroke-dasharray="163.43 219.91" stroke-dashoffset="-0.00"/>
+  <circle cx="50" cy="50" r="35" fill="none" stroke="var(--color-optional)" stroke-width="15" stroke-dasharray="53.48 219.91" stroke-dashoffset="-164.93"/>
+</svg>
+
+        <h3>Java Upgrade</h3>
+        <div class="count">4 issues</div>
+      </div>
+    </div>
+    <div class="criticality-legend">
+      <div class="legend-item"><span class="legend-swatch" style="background:var(--color-mandatory)"></span>Mandatory</div>
+      <div class="legend-item"><span class="legend-swatch" style="background:var(--color-potential)"></span>Potential</div>
+      <div class="legend-item"><span class="legend-swatch" style="background:var(--color-optional)"></span>Optional</div>
+    </div>
+  </div>
+</div>
+<div class="filter-bar" id="filter-bar">
+  <div class="multi-select" id="domain-ms">
+    <button class="multi-select-btn" onclick="toggleMultiSelect('domain-ms')">Domain</button>
+    <div class="multi-select-dropdown">
+      <label class="multi-select-option"><input type="checkbox" value="cloud-readiness" onchange="onMultiSelectChange('domain-ms','Domain')"/> Cloud Readiness</label>
+      <label class="multi-select-option"><input type="checkbox" value="java-upgrade" onchange="onMultiSelectChange('domain-ms','Domain')"/> Java Upgrade</label>
+    </div>
+  </div>
+  <div class="multi-select" id="criticality-ms">
+    <button class="multi-select-btn" onclick="toggleMultiSelect('criticality-ms')">Criticality</button>
+    <div class="multi-select-dropdown">
+      <label class="multi-select-option"><input type="checkbox" value="mandatory" onchange="onMultiSelectChange('criticality-ms','Criticality')"/> Mandatory</label>
+      <label class="multi-select-option"><input type="checkbox" value="potential" onchange="onMultiSelectChange('criticality-ms','Criticality')"/> Potential</label>
+      <label class="multi-select-option"><input type="checkbox" value="optional" onchange="onMultiSelectChange('criticality-ms','Criticality')"/> Optional</label>
+    </div>
+  </div>
+  <a class="clear-filters" href="javascript:void(0)" onclick="clearAllFilters()">Clear all</a>
+</div>
+<div class="issue-section" data-domain="cloud-readiness">
+  <h2>Cloud Readiness</h2>
+  <table class="issue-table">
+    <colgroup><col class="col-issue"/><col class="col-criticality"/><col class="col-storypoint"/></colgroup>
+    <thead><tr><th>Issue Category</th><th>Criticality</th><th>Story Point</th></tr></thead>
+    <tbody>
+    <tr class="issue-row" data-criticality="potential" data-targets='{&quot;azure-aks&quot;:{&quot;effort&quot;:8,&quot;severity&quot;:&quot;potential&quot;},&quot;azure-appservice&quot;:{&quot;effort&quot;:8,&quot;severity&quot;:&quot;potential&quot;},&quot;azure-container-apps&quot;:{&quot;effort&quot;:8,&quot;severity&quot;:&quot;potential&quot;}}' data-default-effort="8" data-default-severity="potential" data-rule="azure-database-microsoft-oracle-07000" onclick="toggleRow('row-cloudreadiness-0', this)" style="cursor:pointer;">
+      <td style="white-space:normal;"><div class="issue-title-cell"><button class="expand-btn" id="btn-row-cloudreadiness-0">&#x276F;</button> Oracle database found</div></td>
+      <td class="crit-cell"><span class="crit-label"><span class="crit-square crit-square-potential"></span>Potential</span></td>
+      <td class="sp-cell">8</td>
+    </tr>
+    <tr class="detail-row" id="row-cloudreadiness-0" style="display:none;">
+      <td colspan="3">
+        <div class="detail-content">
+          <div class="file-list">
+            <table><colgroup><col style="width:70%"/><col style="width:30%"/></colgroup>
+            <thead><tr><th>File</th><th>Position</th></tr></thead><tbody>
+            <tr><td><span class="file-path" title="pom.xml">pom.xml</span></td><td><span class="position">Line 52</span></td></tr>
+            <tr><td><span class="file-path" title="src/main/resources/application.properties">src/main/resources/application.properties</span></td><td><span class="position">Line 10</span></td></tr>
+            <tr><td><span class="file-path" title="docker-compose.yml">docker-compose.yml</span></td><td><span class="position">Line 32</span></td></tr>
+            <tr><td><span class="file-path" title="src/main/resources/application-docker.properties">src/main/resources/application-docker.properties</span></td><td><span class="position">Line 2</span></td></tr>
+            <tr><td><span class="file-path" title="src/main/resources/application-docker.properties">src/main/resources/application-docker.properties</span></td><td><span class="position">Line 5</span></td></tr>
+            <tr><td><span class="file-path" title="src/main/resources/application.properties">src/main/resources/application.properties</span></td><td><span class="position">Line 13</span></td></tr>
+            </tbody></table>
+          </div>
+          <div class="explanation-panel">
+            <h4>Explanation</h4>
+            <div><p>Oracle database found. To migrate a Java application that uses an Oracle database to Azure, you can follow these recommendations:</p><p> * <strong>Migrate to Azure Database for PostgreSQL</strong>: Azure recommends migrating Oracle databases to Azure Database for PostgreSQL Flexible Server as it provides better cost-effectiveness and performance. Create a managed PostgreSQL Flexible Server database in Azure and choose the appropriate pricing tier based on your application&#x27;s requirements.</p><p> * <strong>Use migration tools</strong>: Utilize the Azure Database Migration Service (DMS) or third-party tools to migrate your Oracle database schema and data to PostgreSQL. Consider using ora2pg or similar tools to convert Oracle-specific SQL to PostgreSQL-compatible SQL.</p><p> * <strong>Update database drivers and connection strings</strong>: Replace Oracle JDBC drivers with PostgreSQL drivers in your Java application. Update connection strings from Oracle format (jdbc:oracle:thin:) to PostgreSQL format (jdbc:postgresql:).</p><p> * <strong>Review and convert Oracle-specific code</strong>: Identify and convert Oracle-specific SQL functions, stored procedures, and PL/SQL code to PostgreSQL equivalents. Pay attention to data types, syntax differences, and built-in functions.</p><p> * Enable <strong>monitoring and diagnostics</strong>: Utilize Azure Monitor to gain insights into the performance and health of your Java application and the underlying PostgreSQL database. Set up metrics, alerts, and log analytics to proactively identify and resolve issues.</p><p> * Implement <strong>security</strong> measures: Apply security best practices to protect your Java application and the PostgreSQL database. This includes implementing authentication and authorization mechanisms with passwordless connections and leveraging Microsoft Defender for Cloud for threat detection and vulnerability assessments.</p><p> * <strong>Backup</strong> your data: Azure Database for PostgreSQL provides automated backups by default. You can configure the retention period for backups based on your requirements. You can also enable geo-redundant backups, if needed, to enhance data durability and availability.</p></div>
+          </div>
+        </div>
+      </td>
+    </tr>
+    <tr class="issue-row" data-criticality="potential" data-targets='{&quot;azure-aks&quot;:{&quot;effort&quot;:3,&quot;severity&quot;:&quot;potential&quot;},&quot;azure-appservice&quot;:{&quot;effort&quot;:3,&quot;severity&quot;:&quot;potential&quot;},&quot;azure-container-apps&quot;:{&quot;effort&quot;:3,&quot;severity&quot;:&quot;potential&quot;}}' data-default-effort="3" data-default-severity="potential" data-rule="azure-password-01000" onclick="toggleRow('row-cloudreadiness-1', this)" style="cursor:pointer;">
+      <td style="white-space:normal;"><div class="issue-title-cell"><button class="expand-btn" id="btn-row-cloudreadiness-1">&#x276F;</button> Password found in configuration file</div></td>
+      <td class="crit-cell"><span class="crit-label"><span class="crit-square crit-square-potential"></span>Potential</span></td>
+      <td class="sp-cell">3</td>
+    </tr>
+    <tr class="detail-row" id="row-cloudreadiness-1" style="display:none;">
+      <td colspan="3">
+        <div class="detail-content">
+          <div class="file-list">
+            <table><colgroup><col style="width:70%"/><col style="width:30%"/></colgroup>
+            <thead><tr><th>File</th><th>Position</th></tr></thead><tbody>
+            <tr><td><span class="file-path" title="src/test/resources/application-test.properties">src/test/resources/application-test.properties</span></td><td><span class="position">Line 5</span></td></tr>
+            <tr><td><span class="file-path" title="src/main/resources/application-docker.properties">src/main/resources/application-docker.properties</span></td><td><span class="position">Line 4</span></td></tr>
+            <tr><td><span class="file-path" title="src/main/resources/application.properties">src/main/resources/application.properties</span></td><td><span class="position">Line 12</span></td></tr>
+            </tbody></table>
+          </div>
+          <div class="explanation-panel">
+            <h4>Explanation</h4>
+            <div><p>Using clear passwords in property files is a security risk, as they can be easily compromised if the files are accessed by unauthorized individuals. To enhance the security of your application, it is recommended to employ secure credential management practices.</p><p> * <strong>Azure Key Vault</strong>: Utilize Azure Key Vault to securely store and manage your application&#x27;s passwords and other sensitive credentials. Azure Key Vault provides a centralized and highly secure location for storing secrets, keys, and certificates.</p><p> * <strong>Passwordless connections</strong>: You can provide an additional layer of security and convenience for accessing resources in Azure by eliminating the need for passwords. This way you can reduce the risk of password-related vulnerabilities, such as weak passwords or password theft.</p></div>
+          </div>
+        </div>
+      </td>
+    </tr>
+    <tr class="issue-row" data-criticality="potential" data-targets='{&quot;azure-container-apps&quot;:{&quot;effort&quot;:2,&quot;severity&quot;:&quot;potential&quot;}}' data-default-effort="2" data-default-severity="potential" data-rule="spring-boot-to-azure-restricted-config-01000" onclick="toggleRow('row-cloudreadiness-2', this)" style="cursor:pointer;">
+      <td style="white-space:normal;"><div class="issue-title-cell"><button class="expand-btn" id="btn-row-cloudreadiness-2">&#x276F;</button> Restricted configurations found</div></td>
+      <td class="crit-cell"><span class="crit-label"><span class="crit-square crit-square-potential"></span>Potential</span></td>
+      <td class="sp-cell">2</td>
+    </tr>
+    <tr class="detail-row" id="row-cloudreadiness-2" style="display:none;">
+      <td colspan="3">
+        <div class="detail-content">
+          <div class="file-list">
+            <table><colgroup><col style="width:70%"/><col style="width:30%"/></colgroup>
+            <thead><tr><th>File</th><th>Position</th></tr></thead><tbody>
+            <tr><td><span class="file-path" title="src/main/resources/application-docker.properties">src/main/resources/application-docker.properties</span></td><td><span class="position">Line 24</span></td></tr>
+            <tr><td><span class="file-path" title="src/main/resources/application.properties">src/main/resources/application.properties</span></td><td><span class="position">Line 2</span></td></tr>
+            </tbody></table>
+          </div>
+          <div class="explanation-panel">
+            <h4>Explanation</h4>
+            <div><p>The application uses restricted configurations for Azure Container Apps.<br/> These properties can be automatically injected into your application environment by Azure Container Apps to access managed Config Server and managed Eureka Server.<br/> Please remove them from your application, including configuration files, config server files, command line parameters, Java system attributes, and environment variables.</p><p> If configured in <strong>configuration files</strong>: they will be ignored and overrided by Azure Container Apps.</p><p> If configured in <strong>Config Server files</strong>, <strong>command line parameters</strong>, <strong>Java system attribute</strong>, <strong>environment variable</strong>: they need to be removed or you might experience conflicts and unexpected behavior.</p></div>
+          </div>
+        </div>
+      </td>
+    </tr>
+    <tr class="issue-row" data-criticality="potential" data-targets='{&quot;azure-aks&quot;:{&quot;effort&quot;:1,&quot;severity&quot;:&quot;potential&quot;},&quot;azure-appservice&quot;:{&quot;effort&quot;:1,&quot;severity&quot;:&quot;potential&quot;},&quot;azure-container-apps&quot;:{&quot;effort&quot;:1,&quot;severity&quot;:&quot;potential&quot;}}' data-default-effort="1" data-default-severity="potential" data-rule="spring-boot-to-azure-port-01000" onclick="toggleRow('row-cloudreadiness-3', this)" style="cursor:pointer;">
+      <td style="white-space:normal;"><div class="issue-title-cell"><button class="expand-btn" id="btn-row-cloudreadiness-3">&#x276F;</button> Server port configuration found</div></td>
+      <td class="crit-cell"><span class="crit-label"><span class="crit-square crit-square-potential"></span>Potential</span></td>
+      <td class="sp-cell">1</td>
+    </tr>
+    <tr class="detail-row" id="row-cloudreadiness-3" style="display:none;">
+      <td colspan="3">
+        <div class="detail-content">
+          <div class="file-list">
+            <table><colgroup><col style="width:70%"/><col style="width:30%"/></colgroup>
+            <thead><tr><th>File</th><th>Position</th></tr></thead><tbody>
+            <tr><td><span class="file-path" title="src/main/resources/application-docker.properties">src/main/resources/application-docker.properties</span></td><td><span class="position">Line 24</span></td></tr>
+            <tr><td><span class="file-path" title="src/main/resources/application.properties">src/main/resources/application.properties</span></td><td><span class="position">Line 2</span></td></tr>
+            </tbody></table>
+          </div>
+          <div class="explanation-panel">
+            <h4>Explanation</h4>
+            <div><p>The application is setting the server port. To migrate a Java application that sets the server port to Azure Container Apps:</p><p>Azure Container Apps allows you to expose port according to your Azure Container Apps resource configuration. For instance, a Spring Boot application listens to port of 8080 by default, but it can be set with server.port or environment variable SERVER_PORT as you need.</p></div>
+          </div>
+        </div>
+      </td>
+    </tr>
+    <tr class="issue-row" data-criticality="potential" data-targets='{&quot;azure-aks&quot;:{&quot;effort&quot;:5,&quot;severity&quot;:&quot;potential&quot;},&quot;azure-appservice&quot;:{&quot;effort&quot;:5,&quot;severity&quot;:&quot;potential&quot;},&quot;azure-container-apps&quot;:{&quot;effort&quot;:5,&quot;severity&quot;:&quot;potential&quot;}}' data-default-effort="5" data-default-severity="potential" data-rule="jakarta-database-00002" onclick="toggleRow('row-cloudreadiness-4', this)" style="cursor:pointer;">
+      <td style="white-space:normal;"><div class="issue-title-cell"><button class="expand-btn" id="btn-row-cloudreadiness-4">&#x276F;</button> Detects usage of Jakarta Persistence (JPA) APIs</div></td>
+      <td class="crit-cell"><span class="crit-label"><span class="crit-square crit-square-potential"></span>Potential</span></td>
+      <td class="sp-cell">5</td>
+    </tr>
+    <tr class="detail-row" id="row-cloudreadiness-4" style="display:none;">
+      <td colspan="3">
+        <div class="detail-content">
+          <div class="file-list">
+            <table><colgroup><col style="width:70%"/><col style="width:30%"/></colgroup>
+            <thead><tr><th>File</th><th>Position</th></tr></thead><tbody>
+            <tr><td><span class="file-path" title="pom.xml">pom.xml</span></td><td><span class="position">Line 46</span></td></tr>
+            </tbody></table>
+          </div>
+          <div class="explanation-panel">
+            <h4>Explanation</h4>
+            <div><p>The application depends on <strong>Jakarta Persistence (JPA)</strong> APIs (<code>jakarta.persistence.<em></code> or legacy <code>javax.persistence.</em></code>), which are used for object-relational mapping (ORM) and database interaction in Jakarta EE or Java EE applications.</p><p>When migrating to Azure:</p><ul><li>Ensure that the database connection, JPA provider (e.g., Hibernate, EclipseLink), and dialect are compatible with your target Azure database service.</li><li>Recommended database services include <strong>Azure Database for PostgreSQL</strong>, <strong>Azure Database for MySQL</strong>, or <strong>Azure SQL Database</strong>.</li><li>For containerized deployments, these JPA-based applications can run on <strong>Azure Kubernetes Service (AKS)</strong> or <strong>Azure App Service for Linux/Windows</strong>.</li><li>If using <strong>Spring Data JPA</strong>, verify that connection pool settings and environment variables are properly configured for the cloud environment.</li><li>Consider leveraging <strong>Azure Key Vault</strong> for secure storage of database credentials and connection strings.</li></ul></div>
+          </div>
+        </div>
+      </td>
+    </tr>
+    </tbody>
+  </table>
+</div>
+<div class="issue-section" data-domain="java-upgrade">
+  <h2>Java Upgrade</h2>
+  <table class="issue-table">
+    <colgroup><col class="col-issue"/><col class="col-criticality"/><col class="col-storypoint"/></colgroup>
+    <thead><tr><th>Issue Category</th><th>Criticality</th><th>Story Point</th></tr></thead>
+    <tbody>
+    <tr class="issue-row" data-criticality="mandatory" data-targets='{&quot;azure-aks&quot;:{&quot;effort&quot;:8,&quot;severity&quot;:&quot;mandatory&quot;},&quot;azure-appservice&quot;:{&quot;effort&quot;:8,&quot;severity&quot;:&quot;mandatory&quot;},&quot;azure-container-apps&quot;:{&quot;effort&quot;:8,&quot;severity&quot;:&quot;mandatory&quot;}}' data-default-effort="8" data-default-severity="mandatory" data-rule="spring-boot-to-azure-spring-boot-version-01000" onclick="toggleRow('row-javaupgrade-0', this)" style="cursor:pointer;">
+      <td style="white-space:normal;"><div class="issue-title-cell"><button class="expand-btn" id="btn-row-javaupgrade-0">&#x276F;</button> Spring Boot Version Has Reached the End of OSS Support</div></td>
+      <td class="crit-cell"><span class="crit-label"><span class="crit-square crit-square-mandatory"></span>Mandatory</span></td>
+      <td class="sp-cell">8</td>
+    </tr>
+    <tr class="detail-row" id="row-javaupgrade-0" style="display:none;">
+      <td colspan="3">
+        <div class="detail-content">
+          <div class="file-list">
+            <table><colgroup><col style="width:70%"/><col style="width:30%"/></colgroup>
+            <thead><tr><th>File</th><th>Position</th></tr></thead><tbody>
+            <tr><td><span class="file-path" title="pom.xml">pom.xml</span></td><td><span class="position">Line 34</span></td></tr>
+            <tr><td><span class="file-path" title="pom.xml">pom.xml</span></td><td><span class="position">Line 72</span></td></tr>
+            <tr><td><span class="file-path" title="pom.xml">pom.xml</span></td><td><span class="position">Line 78</span></td></tr>
+            <tr><td><span class="file-path" title="pom.xml">pom.xml</span></td><td><span class="position">Line 59</span></td></tr>
+            <tr><td><span class="file-path" title="pom.xml">pom.xml</span></td><td><span class="position">Line 46</span></td></tr>
+            <tr><td><span class="file-path" title="pom.xml">pom.xml</span></td><td><span class="position">Line 92</span></td></tr>
+            <tr><td><span class="file-path" title="pom.xml">pom.xml</span></td><td><span class="position">Line 40</span></td></tr>
+            </tbody></table>
+          </div>
+          <div class="explanation-panel">
+            <h4>Explanation</h4>
+            <div><p>The application is using a Spring Boot version that has reached its End of OSS Support.<br/>With the officially supported new versions from Spring, you can get the best experience. Here are some steps you can take to update your application to the latest version of Spring Boot:</p><ul><li>Choose a <strong>supported Spring Boot version</strong>: Check out Spring Boot Support Versions and determine the most suitable supported Spring Boot version.</li></ul><ul><li><strong>Update Spring Boot version</strong>: Update the Spring Boot version of your application. There are automated tools like Rewrite to help you with the migration.</li></ul><ul><li><strong>Address code compatibility</strong>: Review your application&#x27;s codebase for any potential compatibility issues with the target Spring Boot version. Update deprecated APIs or features, address any language or library changes, and ensure that your code follows best practices and standards.</li></ul><ul><li><strong>Test thoroughly</strong>: Execute a comprehensive testing process to verify the compatibility and functionality of your application with the new Spring Boot version. Perform unit tests, integration tests, and system tests to validate that all components and dependencies work as expected.</li></ul></div>
+          </div>
+        </div>
+      </td>
+    </tr>
+    <tr class="issue-row" data-criticality="mandatory" data-targets='{&quot;azure-aks&quot;:{&quot;effort&quot;:8,&quot;severity&quot;:&quot;mandatory&quot;},&quot;azure-appservice&quot;:{&quot;effort&quot;:8,&quot;severity&quot;:&quot;mandatory&quot;},&quot;azure-container-apps&quot;:{&quot;effort&quot;:8,&quot;severity&quot;:&quot;mandatory&quot;}}' data-default-effort="8" data-default-severity="mandatory" data-rule="spring-framework-version-01000" onclick="toggleRow('row-javaupgrade-1', this)" style="cursor:pointer;">
+      <td style="white-space:normal;"><div class="issue-title-cell"><button class="expand-btn" id="btn-row-javaupgrade-1">&#x276F;</button> Spring Framework Version Has Reached the End of OSS Support</div></td>
+      <td class="crit-cell"><span class="crit-label"><span class="crit-square crit-square-mandatory"></span>Mandatory</span></td>
+      <td class="sp-cell">8</td>
+    </tr>
+    <tr class="detail-row" id="row-javaupgrade-1" style="display:none;">
+      <td colspan="3">
+        <div class="detail-content">
+          <div class="file-list">
+            <table><colgroup><col style="width:70%"/><col style="width:30%"/></colgroup>
+            <thead><tr><th>File</th><th>Position</th></tr></thead><tbody>
+            <tr><td><span class="file-path" title="pom.xml">pom.xml</span></td><td><span class="position">Line 46</span></td></tr>
+            <tr><td><span class="file-path" title="pom.xml">pom.xml</span></td><td><span class="position">Line 78</span></td></tr>
+            <tr><td><span class="file-path" title="pom.xml">pom.xml</span></td><td><span class="position">Line 34</span></td></tr>
+            </tbody></table>
+          </div>
+          <div class="explanation-panel">
+            <h4>Explanation</h4>
+            <div><p>Your application is using a Spring Framework version that has reached its End of OSS Support.<br/>Upgrading to a supported version ensures better performance, security, and compatibility with modern tools.<br/>  1. Pick a Supported Version: Review the Spring Framework support policy and choose an actively supported version.<br/>  2. Update Your Project: Change the Spring Framework version in your pom.xml or build.gradle.<br/>  3. Fix Compatibility Issues: Update deprecated code, replace removed features, and ensure dependencies are compatible with the new Spring Framework version.<br/>  4. Thoroughly Test: Run unit, integration, and end-to-end tests to make sure everything still works after the upgrade.</p></div>
+          </div>
+        </div>
+      </td>
+    </tr>
+    <tr class="issue-row" data-criticality="mandatory" data-targets='{&quot;azure-aks&quot;:{&quot;effort&quot;:8,&quot;severity&quot;:&quot;mandatory&quot;},&quot;azure-appservice&quot;:{&quot;effort&quot;:8,&quot;severity&quot;:&quot;mandatory&quot;},&quot;azure-container-apps&quot;:{&quot;effort&quot;:8,&quot;severity&quot;:&quot;mandatory&quot;}}' data-default-effort="8" data-default-severity="mandatory" data-rule="azure-java-version-01000" onclick="toggleRow('row-javaupgrade-2', this)" style="cursor:pointer;">
+      <td style="white-space:normal;"><div class="issue-title-cell"><button class="expand-btn" id="btn-row-javaupgrade-2">&#x276F;</button> Java Version Has Reached the End of Support</div></td>
+      <td class="crit-cell"><span class="crit-label"><span class="crit-square crit-square-mandatory"></span>Mandatory</span></td>
+      <td class="sp-cell">8</td>
+    </tr>
+    <tr class="detail-row" id="row-javaupgrade-2" style="display:none;">
+      <td colspan="3">
+        <div class="detail-content">
+          <div class="file-list">
+            <table><colgroup><col style="width:70%"/><col style="width:30%"/></colgroup>
+            <thead><tr><th>File</th><th>Position</th></tr></thead><tbody>
+            <tr><td><span class="file-path" title="pom.xml">pom.xml</span></td><td><span class="position">Line 24</span></td></tr>
+            </tbody></table>
+          </div>
+          <div class="explanation-panel">
+            <h4>Explanation</h4>
+            <div><p>The application is using a Java version that has reached the end of support. It is strongly recommended to plan and execute a migration strategy to upgrade your application to a supported Java version.<br/>Supported Java versions receive long-term support (LTS) from the Java community, including bug fixes and updates. Migrating to a supported version provides you with a stable and well-maintained platform for your application.</p></div>
+          </div>
+        </div>
+      </td>
+    </tr>
+    <tr class="issue-row" data-criticality="optional" data-targets='{&quot;azure-aks&quot;:{&quot;effort&quot;:8,&quot;severity&quot;:&quot;optional&quot;},&quot;azure-appservice&quot;:{&quot;effort&quot;:8,&quot;severity&quot;:&quot;optional&quot;},&quot;azure-container-apps&quot;:{&quot;effort&quot;:8,&quot;severity&quot;:&quot;optional&quot;}}' data-default-effort="8" data-default-severity="optional" data-rule="azure-java-version-02000" onclick="toggleRow('row-javaupgrade-3', this)" style="cursor:pointer;">
+      <td style="white-space:normal;"><div class="issue-title-cell"><button class="expand-btn" id="btn-row-javaupgrade-3">&#x276F;</button> Java Version is not the latest LTS</div></td>
+      <td class="crit-cell"><span class="crit-label"><span class="crit-square crit-square-optional"></span>Optional</span></td>
+      <td class="sp-cell">8</td>
+    </tr>
+    <tr class="detail-row" id="row-javaupgrade-3" style="display:none;">
+      <td colspan="3">
+        <div class="detail-content">
+          <div class="file-list">
+            <table><colgroup><col style="width:70%"/><col style="width:30%"/></colgroup>
+            <thead><tr><th>File</th><th>Position</th></tr></thead><tbody>
+            <tr><td><span class="file-path" title="pom.xml">pom.xml</span></td><td><span class="position">Line 25</span></td></tr>
+            <tr><td><span class="file-path" title="pom.xml">pom.xml</span></td><td><span class="position">Line 26</span></td></tr>
+            </tbody></table>
+          </div>
+          <div class="explanation-panel">
+            <h4>Explanation</h4>
+            <div><p>The application is not using the latest LTS Java version. It is recommended to consider upgrading to the latest LTS version to take advantage of the newest language features, performance improvements, and extended support timelines.<br/>Upgrading to the latest LTS version ensures your application benefits from the most recent security enhancements and a longer support lifecycle.</p></div>
+          </div>
+        </div>
+      </td>
+    </tr>
+    </tbody>
+  </table>
+</div>
+</div><!-- #tab-issues -->
+<div id="tab-arch" class="tab-panel">
+  <div class="fact-content"><h1 id="architecture-diagram">Architecture Diagram</h1>
+<p>This application is a single Spring Boot web service that serves Thymeleaf pages and REST-style upload/file endpoints for photo management backed by an Oracle database.</p>
+<h2 id="application-architecture">Application Architecture</h2>
+<div class="mermaid">
+flowchart TD
+    subgraph Client["Client Layer"]
+        Browser["Web Browser"]
+    end
+
+    subgraph App["Application Layer - Spring Boot 2.7"]
+        MVC["Spring MVC Controllers"]
+        Views["Thymeleaf Templates"]
+        Service["PhotoService"]
+    end
+
+    subgraph Data["Data Layer"]
+        Repo["Spring Data JPA Repository"]
+        Oracle[("Oracle Database PHOTOS table")]
+        Blob[("BLOB photo data")]
+    end
+
+    Browser -->|"GET/POST requests"| MVC
+    MVC -->|"render views"| Views
+    MVC -->|"invoke business logic"| Service
+    Service -->|"CRUD and queries"| Repo
+    Repo -->|"SQL operations"| Oracle
+    Oracle -->|"stores image bytes"| Blob
+</div>
+<h3 id="technology-stack-summary">Technology Stack Summary</h3>
+<div class="table-wrap"><table><thead><tr>
+<th>Layer</th><th>Technology</th><th>Version</th><th>Purpose</th>
+</tr></thead><tbody>
+<tr><td>Presentation</td><td>Spring MVC + Thymeleaf</td><td>Spring Boot 2.7.18</td><td>Handles gallery UI and request routing</td></tr>
+<tr><td>Business</td><td>Spring Service + Validation</td><td>Spring Boot 2.7.18</td><td>Enforces upload rules and photo lifecycle operations</td></tr>
+<tr><td>Data Access</td><td>Spring Data JPA + Hibernate</td><td>Spring Boot 2.7.18</td><td>Repository abstraction and ORM integration</td></tr>
+<tr><td>Data Store</td><td>Oracle JDBC (<code>ojdbc8</code>)</td><td>Runtime dependency</td><td>Persistent storage for metadata and BLOB image data</td></tr>
+</tbody></table></div>
+<h3 id="data-storage-external-services">Data Storage & External Services</h3>
+<p>The primary runtime datastore is Oracle, with the <code>PHOTOS</code> table storing both metadata and raw image data in a BLOB column. Test executions use H2 in-memory storage via the test profile, and there are no outbound third-party API integrations in core request flows.</p>
+<h3 id="key-architectural-decisions">Key Architectural Decisions</h3>
+<ul>
+<li>Stores photo binary content directly in the database (<code>@Lob</code>) instead of serving from external object storage.</li>
+<li>Uses constructor injection and a thin-controller/service/repository layering to keep controller logic focused on HTTP concerns.</li>
+<li>Uses environment/profile-based datasource switching (<code>default</code>/<code>docker</code> runtime vs <code>test</code> profile with H2).</li>
+</ul>
+<h2 id="component-relationships">Component Relationships</h2>
+<div class="mermaid">
+flowchart LR
+    subgraph Presentation["Presentation"]
+        HomeCtrl["HomeController"]
+        DetailCtrl["DetailController"]
+        FileCtrl["PhotoFileController"]
+    end
+
+    subgraph Business["Business Logic"]
+        PhotoSvc["PhotoServiceImpl"]
+        UploadRes["UploadResult"]
+    end
+
+    subgraph DataAccess["Data Access"]
+        PhotoRepo["PhotoRepository"]
+        PhotoEntity["Photo Entity"]
+    end
+
+    subgraph Infra["Infrastructure"]
+        Tx["Spring Transactions"]
+        Log["SLF4J Logging"]
+        OracleDB["Oracle DB"]
+    end
+
+    HomeCtrl -->|"list/upload"| PhotoSvc
+    DetailCtrl -->|"detail/delete/navigation"| PhotoSvc
+    FileCtrl -->|"fetch bytes"| PhotoSvc
+    PhotoSvc -->|"save/query/delete"| PhotoRepo
+    PhotoRepo -->|"maps rows"| PhotoEntity
+    PhotoRepo -->|"native SQL"| OracleDB
+    Tx -.->|"transaction boundary"| PhotoSvc
+    Log -.->|"cross-cutting logs"| HomeCtrl
+    Log -.->|"cross-cutting logs"| DetailCtrl
+    Log -.->|"cross-cutting logs"| FileCtrl
+</div>
+<h3 id="component-inventory">Component Inventory</h3>
+<div class="table-wrap"><table><thead><tr>
+<th>Component</th><th>Layer</th><th>Type</th><th>Responsibility</th>
+</tr></thead><tbody>
+<tr><td>HomeController</td><td>Presentation</td><td>MVC Controller</td><td>Renders gallery and handles batch upload requests</td></tr>
+<tr><td>DetailController</td><td>Presentation</td><td>MVC Controller</td><td>Renders single photo detail and delete actions</td></tr>
+<tr><td>PhotoFileController</td><td>Presentation</td><td>MVC Controller</td><td>Streams image binary content for <code>/photo/{id}</code></td></tr>
+<tr><td>PhotoServiceImpl</td><td>Business Logic</td><td>Service</td><td>Validates files, handles photo persistence and navigation operations</td></tr>
+<tr><td>UploadResult</td><td>Business Logic</td><td>DTO</td><td>Captures per-file upload outcome for API responses</td></tr>
+<tr><td>PhotoRepository</td><td>Data Access</td><td>Spring Data Repository</td><td>Executes CRUD and custom Oracle-native queries</td></tr>
+<tr><td>Photo</td><td>Data Access</td><td>JPA Entity</td><td>Represents persisted photo metadata and image BLOB</td></tr>
+<tr><td>Spring Transactions</td><td>Infrastructure</td><td>Framework Concern</td><td>Ensures atomic writes and consistent data operations</td></tr>
+<tr><td>SLF4J Logging</td><td>Infrastructure</td><td>Cross-cutting Concern</td><td>Provides operational/error tracing across controllers and service</td></tr>
+</tbody></table></div>
+<pre><code>
+
+</code></pre></div>
+</div>
+<div id="tab-api" class="tab-panel">
+  <div class="fact-content"><h1 id="api-service-communication-contracts">API & Service Communication Contracts</h1>
+<p>The application exposes a compact HTTP surface with browser-facing endpoints for gallery browsing, upload, detail navigation, image retrieval, and deletion. Communication is synchronous within a single deployable service.</p>
+<h2 id="service-catalog">Service Catalog</h2>
+<div class="table-wrap"><table><thead><tr>
+<th>Service</th><th>Port</th><th>Category</th><th>Purpose</th>
+</tr></thead><tbody>
+<tr><td>photo-album (single Spring Boot module)</td><td>8080</td><td>Business</td><td>Serves UI pages, upload API, and image delivery endpoints</td></tr>
+</tbody></table></div>
+<h2 id="api-endpoints-inventory">API Endpoints Inventory</h2>
+<div class="table-wrap"><table><thead><tr>
+<th>Service</th><th>Method</th><th>Path</th><th>Request Type</th><th>Response Type</th>
+</tr></thead><tbody>
+<tr><td>photo-album (<code>HomeController</code>)</td><td>GET</td><td><code>/</code></td><td>No body</td><td>HTML view (<code>index</code>)</td></tr>
+<tr><td>photo-album (<code>HomeController</code>)</td><td>POST</td><td><code>/upload</code></td><td>Multipart <code>files[]</code></td><td>JSON map with <code>success</code>, <code>uploadedPhotos</code>, <code>failedUploads</code></td></tr>
+<tr><td>photo-album (<code>DetailController</code>)</td><td>GET</td><td><code>/detail/{id}</code></td><td>Path param <code>id</code></td><td>HTML view (<code>detail</code>) or redirect</td></tr>
+<tr><td>photo-album (<code>DetailController</code>)</td><td>POST</td><td><code>/detail/{id}/delete</code></td><td>Path param <code>id</code></td><td>Redirect to <code>/</code> with flash message</td></tr>
+<tr><td>photo-album (<code>PhotoFileController</code>)</td><td>GET</td><td><code>/photo/{id}</code></td><td>Path param <code>id</code></td><td>Binary resource with media type headers or 404/500</td></tr>
+</tbody></table></div>
+<h2 id="management-observability-endpoints">Management & Observability Endpoints</h2>
+<div class="table-wrap"><table><thead><tr>
+<th>Service</th><th>Endpoint</th><th>Custom Metrics (if any)</th>
+</tr></thead><tbody>
+<tr><td>photo-album</td><td>None explicitly declared in code/config</td><td>None detected</td></tr>
+</tbody></table></div>
+<h2 id="dtos-contracts">DTOs & Contracts</h2>
+<p>API contract objects include:</p>
+<ul>
+<li><code>UploadResult</code> (mutable POJO): service-level upload outcome object used to represent success/failure and associated photo id.</li>
+<li><code>Photo</code> (domain entity reused in API/view model): used for response data in controllers and template rendering.</li>
+<li>Upload response payload is composed as a dynamic <code>Map<String,Object></code> with uploaded/failed item lists.</li>
+</ul>
+<p>No OpenAPI/Swagger, GraphQL schema, or protobuf contract files were detected. Serialization relies on Spring Boot JSON/Jackson defaults.</p>
+<h2 id="communication-patterns">Communication Patterns</h2>
+<p>All service communication is synchronous request/response over HTTP between browser clients and the single backend service. Controllers delegate to <code>PhotoServiceImpl</code>, which performs transactional database work through <code>PhotoRepository</code>. No async messaging, circuit breaker, retry policy, or service discovery framework is present. API availability depends on datasource readiness; if Oracle is unavailable, persistence-backed operations fail. Security posture: no explicit authentication, authorization, or TLS enforcement is configured in application code.</p>
+<h2 id="service-technology-matrix">Service Technology Matrix</h2>
+<div class="table-wrap"><table><thead><tr>
+<th>Service</th><th>Web</th><th>Data Access</th><th>Discovery</th><th>Gateway</th><th>Actuator</th><th>Cache</th><th>Metrics</th>
+</tr></thead><tbody>
+<tr><td>photo-album</td><td>Spring MVC + Thymeleaf</td><td>Spring Data JPA / Hibernate / Oracle JDBC</td><td>None</td><td>None</td><td>None detected</td><td>None detected</td><td>None detected</td></tr>
+</tbody></table></div>
+<h2 id="service-communication-sequence">Service Communication Sequence</h2>
+<div class="mermaid">
+sequenceDiagram
+    participant User as "Browser Client"
+    participant Home as "HomeController"
+    participant Service as "PhotoServiceImpl"
+    participant Repo as "PhotoRepository"
+    participant DB as "Oracle Database"
+
+    User->>Home: POST /upload (multipart files)
+    Home->>Service: uploadPhoto(file)
+    Service->>Service: validate mime type and size
+    alt Validation passes
+        Service->>Repo: save(Photo)
+        Repo->>DB: INSERT photo metadata and BLOB
+        DB-->>Repo: persisted row
+        Repo-->>Service: saved Photo(id)
+        Service-->>Home: UploadResult success
+        Home-->>User: 200 JSON upload summary
+    else Validation fails
+        Service-->>Home: UploadResult failure
+        Home-->>User: 200 JSON with failedUploads
+    end
+</div></div>
+</div>
+<div id="tab-config" class="tab-panel">
+  <div class="fact-content"><h1 id="configuration-externalized-settings-inventory">Configuration & Externalized Settings Inventory</h1>
+<p>Configuration is primarily file-based with Spring properties for server, datasource, JPA, upload limits, and logging. Runtime behavior switches mainly through Spring profiles (<code>default</code>, <code>docker</code>, and <code>test</code>) and container environment overrides.</p>
+<h2 id="configuration-sources">Configuration Sources</h2>
+<div class="table-wrap"><table><thead><tr>
+<th>Source</th><th>Type</th><th>Path/Location</th><th>Notes</th>
+</tr></thead><tbody>
+<tr><td>Main Spring properties</td><td>Application config</td><td><code>src/main/resources/application.properties</code></td><td>Base server, datasource, JPA, upload, logging settings</td></tr>
+<tr><td>Docker profile properties</td><td>Application config</td><td><code>src/main/resources/application-docker.properties</code></td><td>Overrides for containerized runtime profile</td></tr>
+<tr><td>Test profile properties</td><td>Test config</td><td><code>src/test/resources/application-test.properties</code></td><td>H2 in-memory datasource for tests</td></tr>
+<tr><td>Docker Compose service env</td><td>Container runtime config</td><td><code>docker-compose.yml</code></td><td>Injects active profile and datasource credentials</td></tr>
+<tr><td>Docker image runtime options</td><td>Container startup config</td><td><code>Dockerfile</code></td><td>Defines <code>JAVA_OPTS</code> and jar startup command</td></tr>
+<tr><td>Azure setup env output</td><td>Provisioning config artifact</td><td><code>.env</code> (generated by <code>azure-setup.ps1</code>)</td><td>Script writes resource and DB environment values</td></tr>
+</tbody></table></div>
+<h2 id="build-profiles">Build Profiles</h2>
+<div class="table-wrap"><table><thead><tr>
+<th>Profile</th><th>Activation</th><th>Purpose</th><th>Key Dependencies/Plugins</th>
+</tr></thead><tbody>
+<tr><td>Maven default build</td><td>Standard <code>mvn</code> lifecycle</td><td>Build/packaging Spring Boot application jar</td><td><code>spring-boot-maven-plugin</code></td></tr>
+</tbody></table></div>
+<h2 id="runtime-profiles">Runtime Profiles</h2>
+<div class="table-wrap"><table><thead><tr>
+<th>Profile</th><th>Activation Method</th><th>Config Files</th><th>Key Overrides</th>
+</tr></thead><tbody>
+<tr><td>default</td><td>No explicit profile variable</td><td><code>application.properties</code></td><td>Oracle datasource, debug-level app logging</td></tr>
+<tr><td>docker</td><td><code>SPRING_PROFILES_ACTIVE=docker</code></td><td><code>application.properties</code> + <code>application-docker.properties</code></td><td>Docker-specific Oracle URL and adjusted logging levels</td></tr>
+<tr><td>test</td><td><code>@ActiveProfiles("test")</code> in tests</td><td><code>application-test.properties</code></td><td>H2 datasource and non-SQL logging for tests</td></tr>
+</tbody></table></div>
+<h2 id="properties-inventory">Properties Inventory</h2>
+<div class="table-wrap"><table><thead><tr>
+<th>Property Key</th><th>Default</th><th>Profiles</th><th>Source</th>
+</tr></thead><tbody>
+<tr><td><code>server.port</code></td><td><code>8080</code></td><td>default, docker</td><td>application properties files</td></tr>
+<tr><td><code>spring.datasource.url</code></td><td>Oracle JDBC URL</td><td>default, docker, test override</td><td>application / docker / test properties</td></tr>
+<tr><td><code>spring.datasource.username</code></td><td><code>photoalbum</code> (runtime), <code>sa</code> (test)</td><td>default, docker, test</td><td>application / docker / test properties</td></tr>
+<tr><td><code>spring.datasource.password</code></td><td>configured (runtime), blank (test)</td><td>default, docker, test</td><td>application / docker / test properties</td></tr>
+<tr><td><code>spring.jpa.hibernate.ddl-auto</code></td><td><code>create</code> (<code>create-drop</code> in test)</td><td>default, docker, test</td><td>application / docker / test properties</td></tr>
+<tr><td><code>spring.servlet.multipart.max-file-size</code></td><td><code>10MB</code></td><td>default, docker</td><td>application properties files</td></tr>
+<tr><td><code>spring.servlet.multipart.max-request-size</code></td><td><code>50MB</code></td><td>default, docker</td><td>application properties files</td></tr>
+<tr><td><code>app.file-upload.max-file-size-bytes</code></td><td><code>10485760</code></td><td>default, docker, test</td><td>application / docker / test properties</td></tr>
+<tr><td><code>app.file-upload.allowed-mime-types</code></td><td>jpeg/png/gif/webp list</td><td>default, docker, test</td><td>application / docker / test properties</td></tr>
+<tr><td><code>logging.level.com.photoalbum</code></td><td>DEBUG/INFO by profile</td><td>default, docker, test</td><td>application / docker / test properties</td></tr>
+</tbody></table></div>
+<h2 id="startup-parameters-resource-requirements">Startup Parameters & Resource Requirements</h2>
+<div class="table-wrap"><table><thead><tr>
+<th>Service</th><th>JVM/Runtime Options</th><th>Memory</th><th>Instance Count</th>
+</tr></thead><tbody>
+<tr><td>photo-album container</td><td><code>java $JAVA_OPTS -jar app.jar</code></td><td><code>JAVA_OPTS="-Xmx512m -Xms256m"</code> in Dockerfile</td><td>1 instance in docker-compose</td></tr>
+<tr><td>oracle-db container</td><td>Oracle image defaults</td><td>Not explicitly constrained in compose</td><td>1 instance in docker-compose</td></tr>
+</tbody></table></div>
+<h2 id="startup-dependency-chain">Startup Dependency Chain</h2>
+<ol>
+<li><code>oracle-db</code> starts first and must pass container health check.</li>
+<li><code>photoalbum-java-app</code> starts after <code>oracle-db</code> is healthy (<code>depends_on</code> with <code>condition: service_healthy</code>).</li>
+<li>Application handles requests after datasource initialization succeeds.</li>
+</ol>
+<h2 id="secrets-sensitive-configuration">Secrets & Sensitive Configuration</h2>
+<div class="table-wrap"><table><thead><tr>
+<th>Secret Reference</th><th>Type</th><th>Storage (masked)</th>
+</tr></thead><tbody>
+<tr><td><code>spring.datasource.password</code></td><td>Database credential</td><td>Application property / environment variable (<code>[MASKED]</code>)</td></tr>
+<tr><td><code>ORACLE_PASSWORD</code>, <code>APP_USER_PASSWORD</code></td><td>Container DB credential</td><td><code>docker-compose.yml</code> environment (<code>[MASKED]</code>)</td></tr>
+<tr><td><code>POSTGRES_PASSWORD</code> (script-generated)</td><td>Provisioning credential</td><td><code>.env</code> output from setup script (<code>[MASKED]</code>)</td></tr>
+</tbody></table></div>
+<h3 id="secrets-provisioning-workflow">Secrets Provisioning Workflow</h3>
+<p>Secrets are provided through local configuration files and environment variables. In local/container flows, docker-compose injects DB credentials directly to Oracle and the app service; in scripted Azure setup, credentials are generated/set and written to <code>.env</code> for subsequent use by tooling and deployment steps. No managed identity or external secret manager integration is declared in this repository.</p>
+<h2 id="feature-flags">Feature Flags</h2>
+<div class="table-wrap"><table><thead><tr>
+<th>Flag Name</th><th>Default</th><th>Controlled By</th>
+</tr></thead><tbody>
+<tr><td>None detected</td><td>N/A</td><td>N/A</td></tr>
+</tbody></table></div>
+<h2 id="framework-runtime-versions">Framework & Runtime Versions</h2>
+<div class="table-wrap"><table><thead><tr>
+<th>Component</th><th>Version</th><th>Source</th>
+</tr></thead><tbody>
+<tr><td>Spring Boot</td><td>2.7.18</td><td><code>pom.xml</code> parent</td></tr>
+<tr><td>Java target</td><td>8</td><td><code>pom.xml</code> properties and Docker base image</td></tr>
+<tr><td>Maven (build image)</td><td>3.9.6</td><td><code>Dockerfile</code> build stage</td></tr>
+<tr><td>Oracle JDBC driver</td><td><code>ojdbc8</code></td><td><code>pom.xml</code> dependency</td></tr>
+<tr><td>Container JRE</td><td>Eclipse Temurin 8 JRE</td><td><code>Dockerfile</code> runtime stage</td></tr>
+<tr><td>Oracle container DB</td><td><code>gvenzl/oracle-free:latest</code></td><td><code>docker-compose.yml</code></td></tr>
+</tbody></table></div></div>
+</div>
+<div id="tab-workflows" class="tab-panel">
+  <div class="fact-content"><h1 id="core-business-workflows">Core Business Workflows</h1>
+<p>The application enables users to upload, browse, inspect, and delete photos in a lightweight gallery experience. Core workflows focus on validating uploads and managing a photo collection lifecycle.</p>
+<h2 id="domain-entities">Domain Entities</h2>
+<div class="table-wrap"><table><thead><tr>
+<th>Entity</th><th>Service / Bounded Context</th><th>Description</th><th>Key Relationships</th>
+</tr></thead><tbody>
+<tr><td>Photo</td><td>Photo Management</td><td>Canonical record for stored image content and metadata</td><td>Used by upload, gallery listing, detail viewing, and deletion workflows</td></tr>
+<tr><td>UploadResult</td><td>Photo Management</td><td>Operation result object for per-file upload outcomes</td><td>Produced by upload workflow and aggregated into response payload</td></tr>
+</tbody></table></div>
+<h2 id="service-to-domain-mapping">Service-to-Domain Mapping</h2>
+<div class="table-wrap"><table><thead><tr>
+<th>Service</th><th>Domain Context</th><th>Owned Entities</th><th>External Dependencies</th>
+</tr></thead><tbody>
+<tr><td>photo-album</td><td>Photo Management</td><td><code>Photo</code>, <code>UploadResult</code></td><td>Oracle database via repository layer</td></tr>
+</tbody></table></div>
+<h2 id="primary-workflows">Primary Workflows</h2>
+<h3 id="workflow-1-upload-photos-to-gallery">Workflow 1: Upload Photos to Gallery</h3>
+<p>Entry point: <code>POST /upload</code></p>
+<ol>
+<li>User selects one or more files and submits upload.</li>
+<li>Service validates MIME type, file size, and non-empty content.</li>
+<li>Service extracts image dimensions and prepares persisted <code>Photo</code> entity.</li>
+<li>Repository saves metadata and binary content.</li>
+<li>Response aggregates successful and failed files for user feedback.</li>
+</ol>
+<h3 id="workflow-2-browse-view-detail-and-delete">Workflow 2: Browse, View Detail, and Delete</h3>
+<p>Entry points: <code>GET /</code>, <code>GET /detail/{id}</code>, <code>POST /detail/{id}/delete</code>, <code>GET /photo/{id}</code></p>
+<ol>
+<li>Gallery page requests photo list sorted by newest uploads.</li>
+<li>Detail page resolves specific photo plus previous/next navigation candidates.</li>
+<li>Binary endpoint streams image bytes for rendering.</li>
+<li>Delete action removes selected photo and returns to gallery with status message.</li>
+</ol>
+<h2 id="cross-service-data-flows">Cross-Service Data Flows</h2>
+<p>No cross-service composition is present. All workflow data is owned and served by a single service and one backing datastore, so business responses are assembled internally without downstream service joins or fallback routing.</p>
+<h2 id="business-workflow-sequence">Business Workflow Sequence</h2>
+<div class="mermaid">
+sequenceDiagram
+    participant User as "Gallery User"
+    participant UI as "HomeController"
+    participant Service as "PhotoServiceImpl"
+    participant Repo as "PhotoRepository"
+    participant DB as "Oracle Database"
+
+    User->>UI: Submit photo upload request
+    UI->>Service: Process uploaded files
+    Service->>Service: Validate file type and size rules
+    alt File valid
+        Service->>Repo: Save photo record
+        Repo->>DB: Persist metadata and image content
+        DB-->>Repo: Save successful
+        Repo-->>Service: Persisted photo id
+    else File invalid
+        Service-->>Service: Mark upload as failed
+    end
+    Service-->>UI: Return upload summary
+    UI-->>User: Show success/failure results in gallery
+</div>
+<h2 id="business-rules-decision-logic">Business Rules & Decision Logic</h2>
+<ul>
+<li>Uploads must be image MIME types from an allowed list and within configured maximum size.</li>
+<li>Empty files are rejected before persistence.</li>
+<li>Navigation logic selects previous/next photos based on upload timestamp ordering.</li>
+<li>Deletion only succeeds when the target photo exists; otherwise user receives not-found feedback.</li>
+<li>Transaction boundary is at service layer (<code>@Transactional</code>) to keep write operations consistent.</li>
+</ul></div>
+</div>
+<div id="tab-deps" class="tab-panel">
+  <div class="fact-content"><h1 id="dependency-map">Dependency Map</h1>
+<p>Photo Album declares 8 non-test dependencies and 2 test-scope dependencies in a single Maven module.</p>
+<h2 id="dependencies">Dependencies</h2>
+<div class="mermaid">
+flowchart LR
+    App["Photo Album"]
+    Parent["spring-boot-starter-parent 2.7.18"]
+
+    subgraph Web["Web Frameworks"]
+        WebStarter["spring-boot-starter-web"]
+        Thymeleaf["spring-boot-starter-thymeleaf"]
+    end
+
+    subgraph DB["Database / ORM"]
+        Jpa["spring-boot-starter-data-jpa"]
+        Ojdbc["ojdbc8 runtime"]
+    end
+
+    subgraph Sec["Security"]
+        Validation["spring-boot-starter-validation"]
+    end
+
+    subgraph Util["Utilities"]
+        CommonsIo["commons-io 2.11.0"]
+        Json["spring-boot-starter-json"]
+        Devtools["spring-boot-devtools optional"]
+    end
+
+    App -->|"managed by"| Parent
+    App -->|"web"| Web
+    App -->|"persistence"| DB
+    App -->|"validation"| Sec
+    App -->|"utilities"| Util
+    Parent -.->|"version management"| WebStarter
+    Parent -.->|"version management"| Thymeleaf
+    Parent -.->|"version management"| Jpa
+    Parent -.->|"version management"| Validation
+    Parent -.->|"version management"| Json
+    Parent -.->|"version management"| Devtools
+</div>
+<h3 id="dependency-summary">Dependency Summary</h3>
+<div class="table-wrap"><table><thead><tr>
+<th>Category</th><th>Count</th><th>Key Libraries</th><th>Notes</th>
+</tr></thead><tbody>
+<tr><td>Web Frameworks</td><td>2</td><td><code>spring-boot-starter-web</code>, <code>spring-boot-starter-thymeleaf</code></td><td>Server-rendered MVC application</td></tr>
+<tr><td>Database / ORM</td><td>2</td><td><code>spring-boot-starter-data-jpa</code>, <code>ojdbc8</code></td><td>JPA/Hibernate with Oracle runtime driver</td></tr>
+<tr><td>Security</td><td>1</td><td><code>spring-boot-starter-validation</code></td><td>Bean validation for upload constraints</td></tr>
+<tr><td>Utilities</td><td>3</td><td><code>commons-io</code>, <code>spring-boot-starter-json</code>, <code>spring-boot-devtools</code></td><td>JSON support, file IO helper, local dev hot reload</td></tr>
+</tbody></table></div>
+<h3 id="version-compatibility-risks">Version & Compatibility Risks</h3>
+<p>The project targets Java 8 and Spring Boot 2.7.x, both of which are older baselines for modernization. Oracle-specific native SQL in repositories and reliance on <code>ojdbc8</code> can increase migration effort if moving to another database engine or newer framework stack.</p>
+<h3 id="notable-observations">Notable Observations</h3>
+<ul>
+<li>Dependency versions are mostly managed by the Spring Boot parent BOM, reducing manual version drift risk.</li>
+<li>The runtime DB dependency is Oracle-specific, and several repository queries use Oracle syntax (<code>ROWNUM</code>, <code>NVL</code>, <code>TO_CHAR</code>).</li>
+<li>No dedicated observability or messaging libraries are declared; the system is a synchronous, single-service web app.</li>
+</ul>
+<h2 id="test-dependencies">Test Dependencies</h2>
+<div class="table-wrap"><table><thead><tr>
+<th>Framework</th><th>Version</th><th>Notes</th>
+</tr></thead><tbody>
+<tr><td>spring-boot-starter-test</td><td>Managed by Spring Boot 2.7.18</td><td>Includes JUnit 5 and Spring test support</td></tr>
+<tr><td>h2</td><td>Managed by Spring Boot 2.7.18</td><td>In-memory database used by <code>test</code> profile</td></tr>
+</tbody></table></div>
+<p>Total test-scope dependencies: 2</p>
+<p>The test stack is minimal but sufficient for context-load and repository-backed integration testing with an embedded DB.</p></div>
+</div>
+<div id="tab-data" class="tab-panel">
+  <div class="fact-content"><h1 id="data-architecture-persistence-layer">Data Architecture & Persistence Layer</h1>
+<p>The data layer centers on a single relational model for photo metadata and binary image content using JPA/Hibernate. Runtime persistence uses Oracle, while tests use an in-memory H2 profile.</p>
+<h2 id="database-configuration">Database Configuration</h2>
+<div class="table-wrap"><table><thead><tr>
+<th>Service/Module</th><th>DB Type</th><th>Profile</th><th>Driver</th><th>Connection</th><th>Migration Tool</th>
+</tr></thead><tbody>
+<tr><td>photo-album</td><td>Oracle</td><td>default</td><td>Oracle JDBC</td><td>Oracle service host and port in datasource URL</td><td>None detected</td></tr>
+<tr><td>photo-album</td><td>Oracle</td><td>docker</td><td>Oracle JDBC</td><td>Containerized Oracle endpoint in datasource URL</td><td>None detected</td></tr>
+<tr><td>photo-album (tests)</td><td>H2 in-memory</td><td>test</td><td>H2 Driver</td><td>In-memory JDBC URL</td><td>None detected</td></tr>
+</tbody></table></div>
+<h2 id="data-ownership-per-service">Data Ownership per Service</h2>
+<div class="table-wrap"><table><thead><tr>
+<th>Service</th><th>Tables Owned</th><th>ORM Framework</th><th>Caching</th><th>Notes</th>
+</tr></thead><tbody>
+<tr><td>photo-album</td><td><code>PHOTOS</code></td><td>Spring Data JPA / Hibernate</td><td>None detected</td><td>Stores both metadata and image BLOB in one table</td></tr>
+</tbody></table></div>
+<h2 id="entity-model">Entity Model</h2>
+<div class="mermaid">
+erDiagram
+    PHOTO {
+        string id PK
+        string originalFileName
+        bytes photoData
+        string storedFileName
+        string filePath
+        long fileSize
+        string mimeType
+        datetime uploadedAt
+        int width
+        int height
+    }
+</div>
+<h2 id="key-repository-methods">Key Repository Methods</h2>
+<div class="table-wrap"><table><thead><tr>
+<th>Service</th><th>Repository</th><th>Notable Methods</th><th>Purpose</th>
+</tr></thead><tbody>
+<tr><td>photo-album</td><td><code>PhotoRepository</code> (<code>src/main/java/com/photoalbum/repository/PhotoRepository.java</code>)</td><td><code>findAllOrderByUploadedAtDesc()</code></td><td>Returns gallery list newest first</td></tr>
+<tr><td>photo-album</td><td><code>PhotoRepository</code></td><td><code>findPhotosUploadedBefore(LocalDateTime)</code></td><td>Fetches older photos for previous navigation</td></tr>
+<tr><td>photo-album</td><td><code>PhotoRepository</code></td><td><code>findPhotosUploadedAfter(LocalDateTime)</code></td><td>Fetches newer photos for next navigation</td></tr>
+<tr><td>photo-album</td><td><code>PhotoRepository</code></td><td><code>findPhotosByUploadMonth(String,String)</code></td><td>Oracle-specific month filtering</td></tr>
+<tr><td>photo-album</td><td><code>PhotoRepository</code></td><td><code>findPhotosWithPagination(int,int)</code></td><td>Oracle <code>ROWNUM</code> pagination window</td></tr>
+<tr><td>photo-album</td><td><code>PhotoRepository</code></td><td><code>findPhotosWithStatistics()</code></td><td>Uses analytic functions for ranking and running totals</td></tr>
+</tbody></table></div>
+<h2 id="caching-strategy">Caching Strategy</h2>
+<p>No explicit cache provider or Spring cache annotations were found. Reads and writes are executed directly through repository/database access within transactional service methods.</p>
+<h2 id="data-ownership-boundaries">Data Ownership Boundaries</h2>
+<p>The application uses a shared single-database and single-service topology: one service both owns and accesses all persisted photo data. There is no cross-service data access pattern, CQRS split, or inter-service aggregation at the data layer.</p>
+<h3 id="data-classification-sensitivity">Data Classification & Sensitivity</h3>
+<div class="table-wrap"><table><thead><tr>
+<th>Entity</th><th>Sensitive Fields</th><th>Classification (PII/PHI/PCI/None)</th><th>Controls in Place</th>
+</tr></thead><tbody>
+<tr><td><code>Photo</code></td><td><code>originalFileName</code> (may contain user-identifying text), <code>photoData</code> (image content may include personal data)</td><td>PII (potential)</td><td>No explicit encryption-at-rest, masking, or field-level access control configured in code</td></tr>
+<tr><td><code>Photo</code></td><td>No payment or medical attributes detected</td><td>None for PCI/PHI</td><td>N/A</td></tr>
+</tbody></table></div></div>
+</div>
+<p class="footer">Your feedback is invaluable &mdash; <a href="https://aka.ms/ghcp-appmod/feedback">Share feedback</a></p>
+<script>
+function toggleRow(rowId, triggerRow) {
+  var detail = document.getElementById(rowId);
+  var btn = document.getElementById('btn-' + rowId);
+  if (!detail) return;
+  var visible = detail.style.display !== 'none';
+  detail.style.display = visible ? 'none' : 'table-row';
+  if (btn) btn.classList.toggle('open', !visible);
+}
+(function() {
+  var nav = document.querySelector('.tab-nav');
+  if (!nav) return;
+  nav.addEventListener('click', function(e) {
+    var btn = e.target.closest('.tab-btn');
+    if (!btn) return;
+    var targetId = btn.getAttribute('data-tab');
+    document.querySelectorAll('.tab-btn').forEach(function(b) { b.classList.remove('active'); });
+    document.querySelectorAll('.tab-panel').forEach(function(p) { p.classList.remove('active'); });
+    btn.classList.add('active');
+    var panel = document.getElementById(targetId);
+    if (panel) {
+      panel.classList.add('active');
+      if (window.__mermaidReady) { window.__renderMermaidIn(panel); }
+    }
+  });
+})();
+
+// ── Diagram lightbox ────────────────────────────────────────
+(function() {
+  var lightbox = document.getElementById('diagram-lightbox');
+  var inner = document.getElementById('diagram-lightbox-inner');
+  var closeBtn = document.getElementById('diagram-lightbox-close');
+  if (!lightbox || !inner || !closeBtn) return;
+
+  var scale = 1;
+  var translateX = 0;
+  var translateY = 0;
+  var isDragging = false;
+  var dragStartX = 0;
+  var dragStartY = 0;
+
+  function applyTransform() {
+    var svg = inner.querySelector('svg');
+    if (svg) {
+      svg.style.transform = 'translate(' + translateX + 'px, ' + translateY + 'px) scale(' + scale + ')';
+      svg.style.transformOrigin = 'center center';
+      svg.style.transition = 'none';
+    }
+  }
+
+  function resetTransform() {
+    scale = 1; translateX = 0; translateY = 0;
+    applyTransform();
+  }
+
+  function openLightbox(svgEl) {
+    inner.innerHTML = svgEl.outerHTML;
+    var injected = inner.querySelector('svg');
+    if (injected) {
+      injected.removeAttribute('width');
+      injected.removeAttribute('height');
+      injected.style.cursor = 'grab';
+    }
+    resetTransform();
+    lightbox.classList.add('open');
+    document.body.style.overflow = 'hidden';
+  }
+
+  function closeLightbox() {
+    lightbox.classList.remove('open');
+    inner.innerHTML = '';
+    document.body.style.overflow = '';
+    resetTransform();
+  }
+
+  inner.addEventListener('wheel', function(e) {
+    e.preventDefault();
+    var delta = e.deltaY > 0 ? 0.9 : 1.1;
+    scale = Math.min(Math.max(scale * delta, 0.3), 8);
+    applyTransform();
+  }, { passive: false });
+
+  inner.addEventListener('mousedown', function(e) {
+    if (e.button !== 0) return;
+    isDragging = true;
+    dragStartX = e.clientX - translateX;
+    dragStartY = e.clientY - translateY;
+    var svg = inner.querySelector('svg');
+    if (svg) { svg.style.cursor = 'grabbing'; }
+    e.preventDefault();
+  });
+
+  document.addEventListener('mousemove', function(e) {
+    if (!isDragging) return;
+    translateX = e.clientX - dragStartX;
+    translateY = e.clientY - dragStartY;
+    applyTransform();
+  });
+
+  document.addEventListener('mouseup', function() {
+    if (!isDragging) return;
+    isDragging = false;
+    var svg = inner.querySelector('svg');
+    if (svg) { svg.style.cursor = 'grab'; }
+  });
+
+  inner.addEventListener('dblclick', function() { resetTransform(); });
+
+  document.addEventListener('click', function(e) {
+    var card = e.target.closest('.mermaid');
+    if (!card) return;
+    if (e.target.closest('.diagram-lightbox-close')) return;
+    var svg = card.querySelector('svg');
+    if (svg) { openLightbox(svg); }
+  });
+
+  closeBtn.addEventListener('click', closeLightbox);
+
+  lightbox.addEventListener('click', function(e) {
+    if (e.target === lightbox) { closeLightbox(); }
+  });
+
+  document.addEventListener('keydown', function(e) {
+    if (e.key === 'Escape') { closeLightbox(); }
+  });
+})();
+
+var _currentTarget = '';
+
+function toggleMultiSelect(id) {
+  var el = document.getElementById(id);
+  if (!el) return;
+  document.querySelectorAll('.multi-select.open').forEach(function(ms) { if (ms.id !== id) ms.classList.remove('open'); });
+  el.classList.toggle('open');
+}
+
+document.addEventListener('click', function(e) {
+  if (!e.target.closest('.multi-select')) {
+    document.querySelectorAll('.multi-select.open').forEach(function(ms) { ms.classList.remove('open'); });
+  }
+});
+
+function getMultiSelectValues(msId) {
+  var el = document.getElementById(msId);
+  if (!el) return [];
+  var checked = el.querySelectorAll('input[type=checkbox]:checked');
+  var vals = [];
+  for (var i = 0; i < checked.length; i++) vals.push(checked[i].value);
+  return vals;
+}
+
+function onMultiSelectChange(msId, label) {
+  var el = document.getElementById(msId);
+  if (!el) return;
+  var vals = getMultiSelectValues(msId);
+  var total = el.querySelectorAll('input[type=checkbox]').length;
+  var btn = el.querySelector('.multi-select-btn');
+  if (btn) {
+    btn.textContent = vals.length > 0 && vals.length < total ? label + ' (' + vals.length + ')' : label;
+  }
+  applyFilters();
+}
+
+function applyFilters() {
+  var selectedDomains = getMultiSelectValues('domain-ms');
+  var selectedCrits = getMultiSelectValues('criticality-ms');
+
+  var sections = document.querySelectorAll('.issue-section');
+  for (var i = 0; i < sections.length; i++) {
+    var domain = sections[i].getAttribute('data-domain');
+    sections[i].style.display = (selectedDomains.length === 0 || selectedDomains.indexOf(domain) >= 0) ? '' : 'none';
+  }
+
+  var rows = document.querySelectorAll('.issue-row');
+  for (var i = 0; i < rows.length; i++) {
+    var row = rows[i];
+    var section = row.closest('.issue-section');
+    if (section && section.style.display === 'none') {
+      row.style.display = 'none';
+      var next = row.nextElementSibling;
+      if (next && next.classList.contains('detail-row')) next.style.display = 'none';
+      continue;
+    }
+
+    var show = true;
+    if (_currentTarget && row.hasAttribute('data-targets')) {
+      var targetsStr = row.getAttribute('data-targets');
+      if (targetsStr && targetsStr !== '{}') {
+        try {
+          var targets = JSON.parse(targetsStr);
+          if (Object.keys(targets).length > 0 && !targets[_currentTarget]) {
+            show = false;
+          }
+        } catch(e) {}
+      }
+    }
+
+    if (show && selectedCrits.length > 0) {
+      var crit = row.getAttribute('data-criticality');
+      if (selectedCrits.indexOf(crit) < 0) show = false;
+    }
+
+    row.style.display = show ? '' : 'none';
+    var nextRow = row.nextElementSibling;
+    if (nextRow && nextRow.classList.contains('detail-row')) {
+      if (!show) nextRow.style.display = 'none';
+    }
+  }
+}
+
+function clearAllFilters() {
+  document.querySelectorAll('.multi-select input[type=checkbox]').forEach(function(cb) { cb.checked = false; });
+  var domainBtn = document.querySelector('#domain-ms .multi-select-btn');
+  if (domainBtn) domainBtn.textContent = 'Domain';
+  var critBtn = document.querySelector('#criticality-ms .multi-select-btn');
+  if (critBtn) critBtn.textContent = 'Criticality';
+  applyFilters();
+}
+
+function onTargetChange(targetId) {
+  _currentTarget = targetId;
+  var rows = document.querySelectorAll('.issue-row[data-targets]');
+  var totalEffort = 0;
+  var domainCrits = {};
+
+  for (var i = 0; i < rows.length; i++) {
+    var row = rows[i];
+    var targets = JSON.parse(row.getAttribute('data-targets'));
+    var section = row.closest('.issue-section');
+    var domain = section ? section.getAttribute('data-domain') : '';
+
+    if (!targets || Object.keys(targets).length === 0) {
+      var sp = parseFloat(row.querySelector('.sp-cell').textContent) || 0;
+      totalEffort += sp;
+      if (!domainCrits[domain]) domainCrits[domain] = {mandatory:0,potential:0,optional:0};
+      var crit = row.getAttribute('data-criticality') || 'optional';
+      domainCrits[domain][crit] = (domainCrits[domain][crit] || 0) + 1;
+      continue;
+    }
+
+    var override = targets[targetId];
+    if (!override) {
+      continue;
+    }
+
+    var newSeverity = (override.severity || row.getAttribute('data-default-severity') || '').toLowerCase();
+    row.setAttribute('data-criticality', newSeverity);
+    var critCell = row.querySelector('.crit-cell');
+    if (critCell) {
+      var critText = newSeverity === 'mandatory' ? 'Mandatory' : newSeverity === 'potential' ? 'Potential' : 'Optional';
+      var cssClass = newSeverity === 'mandatory' ? 'crit-square-mandatory' : newSeverity === 'potential' ? 'crit-square-potential' : 'crit-square-optional';
+      critCell.innerHTML = '<span class="crit-label"><span class="crit-square ' + cssClass + '"></span>' + critText + '</span>';
+    }
+
+    var newEffort = override.effort !== undefined ? override.effort : parseFloat(row.getAttribute('data-default-effort')) || 0;
+    var spCell = row.querySelector('.sp-cell');
+    if (spCell) spCell.textContent = newEffort;
+    totalEffort += newEffort;
+
+    if (!domainCrits[domain]) domainCrits[domain] = {mandatory:0,potential:0,optional:0};
+    domainCrits[domain][newSeverity] = (domainCrits[domain][newSeverity] || 0) + 1;
+  }
+
+  var secSection = document.querySelector('.issue-section[data-domain="security"]');
+  if (secSection) {
+    var secRows = secSection.querySelectorAll('.issue-row');
+    for (var j = 0; j < secRows.length; j++) {
+      if (!secRows[j].hasAttribute('data-targets') || secRows[j].getAttribute('data-targets') === '') {
+        var sp = parseFloat(secRows[j].querySelector('.sp-cell').textContent) || 0;
+        totalEffort += sp;
+        if (!domainCrits['security']) domainCrits['security'] = {mandatory:0,potential:0,optional:0};
+        var sc = secRows[j].getAttribute('data-criticality') || 'optional';
+        domainCrits['security'][sc] = (domainCrits['security'][sc] || 0) + 1;
+      }
+    }
+  }
+
+  var label = totalEffort < 20 ? 'S' : totalEffort < 50 ? 'M' : totalEffort < 100 ? 'L' : 'XL';
+  var effortEl = document.getElementById('effort-display');
+  if (effortEl) effortEl.textContent = label + ' (total story points: ' + totalEffort + ')';
+
+  updateDonuts(domainCrits);
+  applyFilters();
+}
+
+function updateDonuts(domainCrits) {
+  var container = document.getElementById('donut-container');
+  if (!container) return;
+  container.innerHTML = '';
+  var domainNames = {'cloud-readiness':'Cloud Readiness','java-upgrade':'Java Upgrade','security':'Security'};
+  var domainOrder = ['cloud-readiness','java-upgrade','security'];
+  for (var d = 0; d < domainOrder.length; d++) {
+    var key = domainOrder[d];
+    var c = domainCrits[key];
+    if (!c || (c.mandatory + c.potential + c.optional) === 0) continue;
+    var total = c.mandatory + c.potential + c.optional;
+    var div = document.createElement('div');
+    div.className = 'domain-summary-item';
+    div.innerHTML = buildDonutSvg(c.mandatory, c.potential, c.optional) +
+      '<h3>' + domainNames[key] + '</h3>' +
+      '<div class="count">' + total + ' issue' + (total !== 1 ? 's' : '') + '</div>';
+    container.appendChild(div);
+  }
+}
+
+function buildDonutSvg(m, p, o) {
+  var total = m + p + o;
+  if (total === 0) return '<svg viewBox="0 0 100 100" width="100" height="100" style="display:block;margin:0 auto;"><circle cx="50" cy="50" r="35" fill="none" stroke="#d0d7de" stroke-width="15" opacity="0.5"/></svg>';
+  var r = 35, circ = 2 * Math.PI * r, offset = 0;
+  var svg = '<svg viewBox="0 0 100 100" width="100" height="100" style="display:block;margin:0 auto;transform:rotate(-90deg);">';
+  var segs = [{c:m,color:'var(--color-mandatory)'},{c:p,color:'var(--color-potential)'},{c:o,color:'var(--color-optional)'}];
+  for (var i = 0; i < segs.length; i++) {
+    if (segs[i].c === 0) continue;
+    var segLen = (segs[i].c / total) * circ;
+    var gap = total > segs[i].c ? 1.5 : 0;
+    var drawLen = Math.max(segLen - gap, 0.5);
+    svg += '<circle cx="50" cy="50" r="' + r + '" fill="none" stroke="' + segs[i].color + '" stroke-width="15" stroke-dasharray="' + drawLen.toFixed(2) + ' ' + circ.toFixed(2) + '" stroke-dashoffset="' + (-offset).toFixed(2) + '"/>';
+    offset += segLen;
+  }
+  svg += '</svg>';
+  return svg;
+}
+</script>
+<script>document.addEventListener('DOMContentLoaded', function() { onTargetChange('azure-container-apps'); });</script>
+</div></body></html>
diff --git a/.github/modernize/assessment/reports/report-20260521063406/report.json b/.github/modernize/assessment/reports/report-20260521063406/report.json
new file mode 100644
index 000000000..dfee7e5f0
--- /dev/null
+++ b/.github/modernize/assessment/reports/report-20260521063406/report.json
@@ -0,0 +1,1021 @@
+{
+  "version": "1.0.0",
+  "producer": "Java AppCAT CLI",
+  "metadata": {
+    "analysisStartTime": "2026-05-21T06:34:06.574215787Z",
+    "analysisEndTime": "2026-05-21T06:34:46.406537424Z",
+    "status": "Complete",
+    "privacyMode": "Protected",
+    "privacyModeHelpUrl": "https://aka.ms/appcat-privacy-mode",
+    "targetIds": [
+      "azure-container-apps",
+      "azure-aks",
+      "azure-appservice"
+    ],
+    "targetDisplayNames": [
+      "Azure Container Apps",
+      "Azure Kubernetes Service",
+      "Azure App Service"
+    ],
+    "capabilities": [],
+    "os": []
+  },
+  "summary": {
+    "totalProjects": 1,
+    "totalIssues": 9,
+    "totalIncidents": 27,
+    "totalEffort": 172,
+    "charts": {
+      "severity": {
+        "mandatory": 11,
+        "optional": 2,
+        "potential": 14,
+        "information": 0
+      },
+      "category": {
+        "database-migration": 6,
+        "framework-upgrade": 10,
+        "jakarta-migration": 1,
+        "java-version-upgrade": 3,
+        "local-credential": 3,
+        "spring-migration": 4
+      }
+    }
+  },
+  "projects": [
+    {
+      "path": ".",
+      "issues": 9,
+      "storyPoints": 172,
+      "properties": {
+        "appName": "photo-album",
+        "jdkVersion": "1.8",
+        "frameworks": [
+          "Spring Boot",
+          "Spring"
+        ],
+        "languages": [
+          "Java",
+          "Python"
+        ],
+        "tools": [
+          "Maven"
+        ]
+      },
+      "incidents": [
+        {
+          "ruleId": "spring-boot-to-azure-restricted-config-01000",
+          "incidentId": "5339c29e-1288-460c-ad1b-f5a7c3a92c86",
+          "location": "src/main/resources/application-docker.properties",
+          "locationKind": "File",
+          "line": 24,
+          "column": 0,
+          "targets": {
+            "azure-container-apps": {
+              "effort": 2,
+              "severity": "potential"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "spring-boot-to-azure-restricted-config-01000",
+          "incidentId": "8b7da11e-cadc-4600-a97c-55bb9144c563",
+          "location": "src/main/resources/application.properties",
+          "locationKind": "File",
+          "line": 2,
+          "column": 0,
+          "targets": {
+            "azure-container-apps": {
+              "effort": 2,
+              "severity": "potential"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "spring-boot-to-azure-spring-boot-version-01000",
+          "incidentId": "bf2a6c87-fc6e-4505-bfbd-522dacb383f4",
+          "location": "pom.xml",
+          "locationKind": "File",
+          "line": 34,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "mandatory"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "spring-boot-to-azure-spring-boot-version-01000",
+          "incidentId": "b3f5a575-5060-40fd-9316-9cd5a4d98504",
+          "location": "pom.xml",
+          "locationKind": "File",
+          "line": 72,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "mandatory"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "spring-boot-to-azure-spring-boot-version-01000",
+          "incidentId": "3e9b7c8f-ecf1-477f-bfb2-a947cc4a2ff1",
+          "location": "pom.xml",
+          "locationKind": "File",
+          "line": 78,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "mandatory"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "spring-boot-to-azure-spring-boot-version-01000",
+          "incidentId": "42086582-92b4-47b8-9906-642c0b38052d",
+          "location": "pom.xml",
+          "locationKind": "File",
+          "line": 59,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "mandatory"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "spring-boot-to-azure-spring-boot-version-01000",
+          "incidentId": "f10dd654-1ac2-446c-b754-60ada9c8b2a7",
+          "location": "pom.xml",
+          "locationKind": "File",
+          "line": 46,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "mandatory"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "spring-boot-to-azure-spring-boot-version-01000",
+          "incidentId": "e07aaf50-b890-4814-b838-78dc28fa869c",
+          "location": "pom.xml",
+          "locationKind": "File",
+          "line": 92,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "mandatory"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "spring-boot-to-azure-spring-boot-version-01000",
+          "incidentId": "66e37a78-4d70-4c60-9913-ad0d33efa71e",
+          "location": "pom.xml",
+          "locationKind": "File",
+          "line": 40,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "mandatory"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "azure-database-microsoft-oracle-07000",
+          "incidentId": "0af2c545-7169-4d8c-ac88-6b7c56d97a9f",
+          "location": "pom.xml",
+          "locationKind": "File",
+          "line": 52,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "potential"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "potential"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "potential"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "azure-database-microsoft-oracle-07000",
+          "incidentId": "9defd73b-7532-425e-be2e-c9b911f0c48b",
+          "location": "src/main/resources/application.properties",
+          "locationKind": "File",
+          "line": 10,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "potential"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "potential"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "potential"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "azure-database-microsoft-oracle-07000",
+          "incidentId": "b4efee14-2634-4317-8fc3-88a95dad9caf",
+          "location": "docker-compose.yml",
+          "locationKind": "File",
+          "line": 32,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "potential"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "potential"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "potential"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "azure-database-microsoft-oracle-07000",
+          "incidentId": "5ab2deac-c0fe-4db2-a45a-784c3f00c44f",
+          "location": "src/main/resources/application-docker.properties",
+          "locationKind": "File",
+          "line": 2,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "potential"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "potential"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "potential"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "azure-database-microsoft-oracle-07000",
+          "incidentId": "69979f45-7b26-40ef-a932-e48bea1040ea",
+          "location": "src/main/resources/application-docker.properties",
+          "locationKind": "File",
+          "line": 5,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "potential"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "potential"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "potential"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "azure-database-microsoft-oracle-07000",
+          "incidentId": "470012ec-79b8-4428-96d6-e374554c1bba",
+          "location": "src/main/resources/application.properties",
+          "locationKind": "File",
+          "line": 13,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "potential"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "potential"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "potential"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "spring-framework-version-01000",
+          "incidentId": "e417fa8e-fdd0-4bdf-8d1b-e8d706717031",
+          "location": "pom.xml",
+          "locationKind": "File",
+          "line": 46,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "mandatory"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "spring-framework-version-01000",
+          "incidentId": "39ec6c04-c8ac-46ed-9fcb-2317df2b6562",
+          "location": "pom.xml",
+          "locationKind": "File",
+          "line": 78,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "mandatory"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "spring-framework-version-01000",
+          "incidentId": "ef63c09f-7fc8-4270-a52d-371c3c2ecd0d",
+          "location": "pom.xml",
+          "locationKind": "File",
+          "line": 34,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "mandatory"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "azure-password-01000",
+          "incidentId": "5aa700fc-e9b3-4109-a641-d12c6cf3b7be",
+          "location": "src/test/resources/application-test.properties",
+          "locationKind": "File",
+          "line": 5,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 3,
+              "severity": "potential"
+            },
+            "azure-appservice": {
+              "effort": 3,
+              "severity": "potential"
+            },
+            "azure-container-apps": {
+              "effort": 3,
+              "severity": "potential"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "azure-password-01000",
+          "incidentId": "c7f9de9d-2dcf-4108-b3a8-756820aa7826",
+          "location": "src/main/resources/application-docker.properties",
+          "locationKind": "File",
+          "line": 4,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 3,
+              "severity": "potential"
+            },
+            "azure-appservice": {
+              "effort": 3,
+              "severity": "potential"
+            },
+            "azure-container-apps": {
+              "effort": 3,
+              "severity": "potential"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "azure-password-01000",
+          "incidentId": "b67e0c9f-86a8-4107-a7bc-152799fafc29",
+          "location": "src/main/resources/application.properties",
+          "locationKind": "File",
+          "line": 12,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 3,
+              "severity": "potential"
+            },
+            "azure-appservice": {
+              "effort": 3,
+              "severity": "potential"
+            },
+            "azure-container-apps": {
+              "effort": 3,
+              "severity": "potential"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "azure-java-version-01000",
+          "incidentId": "79dc55da-34a7-408d-96a6-7d3954588176",
+          "location": "pom.xml",
+          "locationKind": "File",
+          "line": 24,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "mandatory"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "mandatory"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "azure-java-version-02000",
+          "incidentId": "1b38e54b-939d-4f8b-a761-9e770f77d89b",
+          "location": "pom.xml",
+          "locationKind": "File",
+          "line": 25,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "optional"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "optional"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "optional"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "azure-java-version-02000",
+          "incidentId": "5d28c961-cc46-40fd-b389-3c35f16f1f8e",
+          "location": "pom.xml",
+          "locationKind": "File",
+          "line": 26,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 8,
+              "severity": "optional"
+            },
+            "azure-appservice": {
+              "effort": 8,
+              "severity": "optional"
+            },
+            "azure-container-apps": {
+              "effort": 8,
+              "severity": "optional"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "spring-boot-to-azure-port-01000",
+          "incidentId": "e0cc4f59-64a6-45a9-998f-2fea624ebfa2",
+          "location": "src/main/resources/application-docker.properties",
+          "locationKind": "File",
+          "line": 24,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 1,
+              "severity": "potential"
+            },
+            "azure-appservice": {
+              "effort": 1,
+              "severity": "potential"
+            },
+            "azure-container-apps": {
+              "effort": 1,
+              "severity": "potential"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "spring-boot-to-azure-port-01000",
+          "incidentId": "d5504021-a9cc-4b36-90e9-c1d00b82a64d",
+          "location": "src/main/resources/application.properties",
+          "locationKind": "File",
+          "line": 2,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 1,
+              "severity": "potential"
+            },
+            "azure-appservice": {
+              "effort": 1,
+              "severity": "potential"
+            },
+            "azure-container-apps": {
+              "effort": 1,
+              "severity": "potential"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=azure/springboot"
+          ]
+        },
+        {
+          "ruleId": "jakarta-database-00002",
+          "incidentId": "fa3b84a2-0e8d-4249-891d-7449cba855ab",
+          "location": "pom.xml",
+          "locationKind": "File",
+          "line": 46,
+          "column": 0,
+          "targets": {
+            "azure-aks": {
+              "effort": 5,
+              "severity": "potential"
+            },
+            "azure-appservice": {
+              "effort": 5,
+              "severity": "potential"
+            },
+            "azure-container-apps": {
+              "effort": 5,
+              "severity": "potential"
+            }
+          },
+          "labels": [
+            "type=violation",
+            "ruleset=cloud-readiness"
+          ]
+        }
+      ]
+    }
+  ],
+  "rules": {
+    "azure-database-microsoft-oracle-07000": {
+      "id": "azure-database-microsoft-oracle-07000",
+      "description": "Oracle database found. To migrate a Java application that uses an Oracle database to Azure, you can follow these recommendations:\n\n * **Migrate to Azure Database for PostgreSQL**: Azure recommends migrating Oracle databases to Azure Database for PostgreSQL Flexible Server as it provides better cost-effectiveness and performance. Create a managed PostgreSQL Flexible Server database in Azure and choose the appropriate pricing tier based on your application's requirements.\n\n * **Use migration tools**: Utilize the Azure Database Migration Service (DMS) or third-party tools to migrate your Oracle database schema and data to PostgreSQL. Consider using ora2pg or similar tools to convert Oracle-specific SQL to PostgreSQL-compatible SQL.\n\n * **Update database drivers and connection strings**: Replace Oracle JDBC drivers with PostgreSQL drivers in your Java application. Update connection strings from Oracle format (jdbc:oracle:thin:) to PostgreSQL format (jdbc:postgresql:).\n\n * **Review and convert Oracle-specific code**: Identify and convert Oracle-specific SQL functions, stored procedures, and PL/SQL code to PostgreSQL equivalents. Pay attention to data types, syntax differences, and built-in functions.\n\n * Enable **monitoring and diagnostics**: Utilize Azure Monitor to gain insights into the performance and health of your Java application and the underlying PostgreSQL database. Set up metrics, alerts, and log analytics to proactively identify and resolve issues.\n\n * Implement **security** measures: Apply security best practices to protect your Java application and the PostgreSQL database. This includes implementing authentication and authorization mechanisms with passwordless connections and leveraging Microsoft Defender for Cloud for threat detection and vulnerability assessments.\n\n * **Backup** your data: Azure Database for PostgreSQL provides automated backups by default. You can configure the retention period for backups based on your requirements. You can also enable geo-redundant backups, if needed, to enhance data durability and availability.",
+      "title": "Oracle database found",
+      "severity": "potential",
+      "effort": 8,
+      "links": [
+        {
+          "url": "https://learn.microsoft.com/azure/postgresql",
+          "title": "Azure Database for PostgreSQL documentation"
+        },
+        {
+          "url": "https://learn.microsoft.com/azure/postgresql/migrate/how-to-migrate-oracle-ora2pg",
+          "title": "Oracle to PostgreSQL migration guide"
+        },
+        {
+          "url": "https://learn.microsoft.com/azure/dms",
+          "title": "Azure Database Migration Service documentation"
+        },
+        {
+          "url": "https://learn.microsoft.com/azure/azure-monitor",
+          "title": "Azure Monitor documentation"
+        },
+        {
+          "url": "https://learn.microsoft.com/azure/defender-for-cloud",
+          "title": "Microsoft Defender for Cloud"
+        }
+      ],
+      "labels": [
+        "target=azure-appservice",
+        "target=azure-aks",
+        "target=azure-container-apps",
+        "source",
+        "domain=cloud-readiness",
+        "category=database-migration",
+        "database",
+        "oracle",
+        "os=windows",
+        "os=linux"
+      ]
+    },
+    "azure-java-version-01000": {
+      "id": "azure-java-version-01000",
+      "description": "The application is using a Java version that has reached the end of support. It is strongly recommended to plan and execute a migration strategy to upgrade your application to a supported Java version.\nSupported Java versions receive long-term support (LTS) from the Java community, including bug fixes and updates. Migrating to a supported version provides you with a stable and well-maintained platform for your application.",
+      "title": "Java Version Has Reached the End of Support",
+      "severity": "mandatory",
+      "effort": 8,
+      "labels": [
+        "target=azure-appservice",
+        "target=azure-aks",
+        "target=azure-container-apps",
+        "source",
+        "domain=java-upgrade",
+        "category=java-version-upgrade",
+        "version",
+        "os=windows",
+        "os=linux"
+      ]
+    },
+    "azure-java-version-02000": {
+      "id": "azure-java-version-02000",
+      "description": "The application is not using the latest LTS Java version. It is recommended to consider upgrading to the latest LTS version to take advantage of the newest language features, performance improvements, and extended support timelines.\nUpgrading to the latest LTS version ensures your application benefits from the most recent security enhancements and a longer support lifecycle.",
+      "title": "Java Version is not the latest LTS",
+      "severity": "optional",
+      "effort": 8,
+      "labels": [
+        "target=azure-appservice",
+        "target=azure-aks",
+        "target=azure-container-apps",
+        "source",
+        "domain=java-upgrade",
+        "category=java-version-upgrade",
+        "version",
+        "os=windows",
+        "os=linux"
+      ]
+    },
+    "azure-password-01000": {
+      "id": "azure-password-01000",
+      "description": "Using clear passwords in property files is a security risk, as they can be easily compromised if the files are accessed by unauthorized individuals. To enhance the security of your application, it is recommended to employ secure credential management practices.\n\n * **Azure Key Vault**: Utilize Azure Key Vault to securely store and manage your application's passwords and other sensitive credentials. Azure Key Vault provides a centralized and highly secure location for storing secrets, keys, and certificates.\n\n * **Passwordless connections**: You can provide an additional layer of security and convenience for accessing resources in Azure by eliminating the need for passwords. This way you can reduce the risk of password-related vulnerabilities, such as weak passwords or password theft.",
+      "title": "Password found in configuration file",
+      "severity": "potential",
+      "effort": 3,
+      "links": [
+        {
+          "url": "https://learn.microsoft.com/azure/key-vault",
+          "title": "Azure Key Vault documentation"
+        },
+        {
+          "url": "https://learn.microsoft.com/azure/developer/intro/passwordless-overview",
+          "title": "Passwordless connections for Azure services"
+        },
+        {
+          "url": "https://learn.microsoft.com/azure/developer/java/migration/migrate-spring-boot-to-azure-container-apps#inventory-configuration-sources-and-secrets",
+          "title": "Password found in configuration file"
+        },
+        {
+          "url": "https://docs.microsoft.com/azure/developer/java/spring-framework/configure-spring-boot-starter-java-app-with-azure-key-vault",
+          "title": "Read a secret from Azure Key Vault in a Spring Boot application"
+        },
+        {
+          "url": "https://search.maven.org/artifact/com.azure.spring/azure-spring-boot-starter-keyvault-secrets",
+          "title": "Azure Spring Boot Starter for Azure Key Vault Secrets"
+        }
+      ],
+      "labels": [
+        "source",
+        "target=azure-appservice",
+        "target=azure-aks",
+        "target=azure-container-apps",
+        "domain=cloud-readiness",
+        "category=local-credential",
+        "password",
+        "security",
+        "os=windows",
+        "os=linux"
+      ]
+    },
+    "jakarta-database-00002": {
+      "id": "jakarta-database-00002",
+      "description": "The application depends on **Jakarta Persistence (JPA)** APIs (`jakarta.persistence.*` or legacy `javax.persistence.*`), which are used for object-relational mapping (ORM) and database interaction in Jakarta EE or Java EE applications.\n\nWhen migrating to Azure:\n- Ensure that the database connection, JPA provider (e.g., Hibernate, EclipseLink), and dialect are compatible with your target Azure database service.\n- Recommended database services include **Azure Database for PostgreSQL**, **Azure Database for MySQL**, or **Azure SQL Database**.\n- For containerized deployments, these JPA-based applications can run on **Azure Kubernetes Service (AKS)** or **Azure App Service for Linux/Windows**.\n- If using **Spring Data JPA**, verify that connection pool settings and environment variables are properly configured for the cloud environment.\n- Consider leveraging **Azure Key Vault** for secure storage of database credentials and connection strings.",
+      "title": "Detects usage of Jakarta Persistence (JPA) APIs",
+      "severity": "potential",
+      "effort": 5,
+      "links": [
+        {
+          "url": "https://jakarta.ee/specifications/persistence/",
+          "title": "Jakarta Persistence Specification"
+        },
+        {
+          "url": "https://learn.microsoft.com/en-us/azure/architecture/guide/technology-choices/data-stores-getting-started#common-database-scenarios",
+          "title": "Prepare to choose a data store in Azure"
+        }
+      ],
+      "labels": [
+        "source=java",
+        "source=java-ee",
+        "target=azure-aks",
+        "target=azure-container-apps",
+        "target=azure-appservice",
+        "domain=cloud-readiness",
+        "category=jakarta-migration",
+        "os=windows",
+        "os=linux"
+      ]
+    },
+    "spring-boot-to-azure-port-01000": {
+      "id": "spring-boot-to-azure-port-01000",
+      "description": "The application is setting the server port. To migrate a Java application that sets the server port to Azure Container Apps:\n\n * **Azure Container Apps allows you to expose port according to your Azure Container Apps resource configuration. For instance, a Spring Boot application listens to port of 8080 by default, but it can be set with server.port or environment variable SERVER_PORT as you need.",
+      "title": "Server port configuration found",
+      "severity": "potential",
+      "effort": 1,
+      "links": [
+        {
+          "url": "https://learn.microsoft.com/azure/developer/java/migration/migrate-spring-boot-to-azure-container-apps#identify-any-clients-relying-on-a-non-standard-port",
+          "title": "Identify any clients relying on a non-standard port"
+        }
+      ],
+      "labels": [
+        "source=springboot",
+        "target=azure-aks",
+        "target=azure-appservice",
+        "target=azure-container-apps",
+        "domain=cloud-readiness",
+        "category=spring-migration",
+        "port",
+        "server port",
+        "os=windows",
+        "os=linux"
+      ]
+    },
+    "spring-boot-to-azure-restricted-config-01000": {
+      "id": "spring-boot-to-azure-restricted-config-01000",
+      "description": "The application uses restricted configurations for Azure Container Apps.\n These properties can be automatically injected into your application environment by Azure Container Apps to access managed Config Server and managed Eureka Server.\n Please remove them from your application, including configuration files, config server files, command line parameters, Java system attributes, and environment variables.\n\n If configured in **configuration files**: they will be ignored and overrided by Azure Container Apps.\n \n If configured in **Config Server files**, **command line parameters**, **Java system attribute**, **environment variable**: they need to be removed or you might experience conflicts and unexpected behavior.",
+      "title": "Restricted configurations found",
+      "severity": "potential",
+      "effort": 2,
+      "links": [
+        {
+          "url": "https://learn.microsoft.com/azure/developer/java/migration/migrate-spring-cloud-to-azure-container-apps#remove-restricted-configurations",
+          "title": "Migrate Spring Boot applications to Azure Container Apps - Remove restricted configurations"
+        },
+        {
+          "url": "https://learn.microsoft.com/azure/container-apps/java-config-server?tabs=azure-cli",
+          "title": "Connect to a managed Config Server for Spring in Azure Container Apps"
+        },
+        {
+          "url": "https://learn.microsoft.com/azure/container-apps/java-eureka-server?tabs=azure-cli",
+          "title": "Connect to a managed Eureka Server for Spring in Azure Container Apps"
+        }
+      ],
+      "labels": [
+        "target=azure-container-apps",
+        "source=springboot",
+        "domain=cloud-readiness",
+        "category=spring-migration",
+        "os=windows",
+        "os=linux"
+      ]
+    },
+    "spring-boot-to-azure-spring-boot-version-01000": {
+      "id": "spring-boot-to-azure-spring-boot-version-01000",
+      "description": "The application is using a Spring Boot version that has reached its End of OSS Support.\nWith the officially supported new versions from Spring, you can get the best experience. Here are some steps you can take to update your application to the latest version of Spring Boot:\n\n* Choose a **supported Spring Boot version**: Check out Spring Boot Support Versions and determine the most suitable supported Spring Boot version.\n\n* **Update Spring Boot version**: Update the Spring Boot version of your application. There are automated tools like Rewrite to help you with the migration.\n\n* **Address code compatibility**: Review your application's codebase for any potential compatibility issues with the target Spring Boot version. Update deprecated APIs or features, address any language or library changes, and ensure that your code follows best practices and standards.\n\n* **Test thoroughly**: Execute a comprehensive testing process to verify the compatibility and functionality of your application with the new Spring Boot version. Perform unit tests, integration tests, and system tests to validate that all components and dependencies work as expected.",
+      "title": "Spring Boot Version Has Reached the End of OSS Support",
+      "severity": "mandatory",
+      "effort": 8,
+      "links": [
+        {
+          "url": "https://learn.microsoft.com/azure/developer/java/migration/migrate-spring-boot-to-azure-container-apps",
+          "title": "Migrate Spring Boot applications to Azure Container Apps"
+        },
+        {
+          "url": "https://learn.microsoft.com/azure/container-apps/java-microservice-get-started?tabs=azure-cli",
+          "title": "Launch your first Java microservice application with managed Java components in Azure Container Apps"
+        },
+        {
+          "url": "https://spring.io/projects/spring-boot/#support",
+          "title": "Spring Boot Supported Versions"
+        },
+        {
+          "url": "https://github.com/spring-projects/spring-boot/wiki/Supported-Versions",
+          "title": "Spring Boot Support Policy"
+        }
+      ],
+      "labels": [
+        "source=springboot",
+        "target=azure-appservice",
+        "target=azure-aks",
+        "target=azure-container-apps",
+        "domain=java-upgrade",
+        "category=framework-upgrade",
+        "version",
+        "os=windows",
+        "os=linux"
+      ]
+    },
+    "spring-framework-version-01000": {
+      "id": "spring-framework-version-01000",
+      "description": "Your application is using a Spring Framework version that has reached its End of OSS Support.\nUpgrading to a supported version ensures better performance, security, and compatibility with modern tools.\n  1. Pick a Supported Version: Review the Spring Framework support policy and choose an actively supported version.\n  2. Update Your Project: Change the Spring Framework version in your pom.xml or build.gradle.\n  3. Fix Compatibility Issues: Update deprecated code, replace removed features, and ensure dependencies are compatible with the new Spring Framework version.\n  4. Thoroughly Test: Run unit, integration, and end-to-end tests to make sure everything still works after the upgrade.",
+      "title": "Spring Framework Version Has Reached the End of OSS Support",
+      "severity": "mandatory",
+      "effort": 8,
+      "links": [
+        {
+          "url": "https://spring.io/projects/spring-framework#support",
+          "title": "Spring Framework Supported Versions"
+        },
+        {
+          "url": "https://github.com/spring-projects/spring-framework/wiki/Spring-Framework-Versions",
+          "title": "Spring Framework Support Policy"
+        }
+      ],
+      "labels": [
+        "source=spring",
+        "target=azure-appservice",
+        "target=azure-aks",
+        "target=azure-container-apps",
+        "domain=java-upgrade",
+        "category=framework-upgrade",
+        "version",
+        "os=windows",
+        "os=linux"
+      ]
+    }
+  }
+}
\ No newline at end of file
diff --git a/.github/modernize/assessment/reports/report-20260521063406/report.md b/.github/modernize/assessment/reports/report-20260521063406/report.md
new file mode 100644
index 000000000..60b0aa3bf
--- /dev/null
+++ b/.github/modernize/assessment/reports/report-20260521063406/report.md
@@ -0,0 +1,137 @@
+# photo-album
+
+## Summary
+
+| Metric | Value |
+|--------|-------|
+| Total Issues | 9 |
+| Mandatory Blockers | 3 |
+| Potential Issues | 5 |
+
+## Application Information
+
+| Property | Value |
+|----------|-------|
+| Language | Java, Python |
+| Frameworks | Spring Boot, Spring |
+| Build tools | Maven |
+| JDK version | 1.8 |
+
+## Cloud Readiness Issues
+
+| Issue Name | Criticality | Story Points | Occurrences |
+|------------|-------------|--------------|-------------|
+| Oracle database found | Potential | 8 | [6](#Oracle_database_found) |
+| Password found in configuration file | Potential | 3 | [3](#Password_found_in_configuration_file) |
+| Restricted configurations found | Potential | 2 | [2](#Restricted_configurations_found) |
+| Server port configuration found | Potential | 1 | [2](#Server_port_configuration_found) |
+| Detects usage of Jakarta Persistence (JPA) APIs | Potential | 5 | [1](#Detects_usage_of_Jakarta_Persistence_JPA_APIs) |
+
+### Issue Details
+
+<details id="Oracle_database_found">
+<summary><b>Oracle database found</b> — affected files</summary>
+
+- `pom.xml (line 52)`
+- `src/main/resources/application.properties (line 10)`
+- `docker-compose.yml (line 32)`
+- `src/main/resources/application-docker.properties (line 2)`
+- `src/main/resources/application-docker.properties (line 5)`
+- `src/main/resources/application.properties (line 13)`
+
+</details>
+
+<details id="Password_found_in_configuration_file">
+<summary><b>Password found in configuration file</b> — affected files</summary>
+
+- `src/test/resources/application-test.properties (line 5)`
+- `src/main/resources/application-docker.properties (line 4)`
+- `src/main/resources/application.properties (line 12)`
+
+</details>
+
+<details id="Restricted_configurations_found">
+<summary><b>Restricted configurations found</b> — affected files</summary>
+
+- `src/main/resources/application-docker.properties (line 24)`
+- `src/main/resources/application.properties (line 2)`
+
+</details>
+
+<details id="Server_port_configuration_found">
+<summary><b>Server port configuration found</b> — affected files</summary>
+
+- `src/main/resources/application-docker.properties (line 24)`
+- `src/main/resources/application.properties (line 2)`
+
+</details>
+
+<details id="Detects_usage_of_Jakarta_Persistence_JPA_APIs">
+<summary><b>Detects usage of Jakarta Persistence (JPA) APIs</b> — affected files</summary>
+
+- `pom.xml (line 46)`
+
+</details>
+
+## Upgrade Issues
+
+| Issue Name | Criticality | Story Points | Occurrences |
+|------------|-------------|--------------|-------------|
+| Spring Boot Version Has Reached the End of OSS Support | Mandatory | 8 | [7](#Spring_Boot_Version_Has_Reached_the_End_of_OSS_Support) |
+| Spring Framework Version Has Reached the End of OSS Support | Mandatory | 8 | [3](#Spring_Framework_Version_Has_Reached_the_End_of_OSS_Support) |
+| Java Version Has Reached the End of Support | Mandatory | 8 | [1](#Java_Version_Has_Reached_the_End_of_Support) |
+| Java Version is not the latest LTS | Optional | 8 | [2](#Java_Version_is_not_the_latest_LTS) |
+
+### Issue Details
+
+<details id="Spring_Boot_Version_Has_Reached_the_End_of_OSS_Support">
+<summary><b>Spring Boot Version Has Reached the End of OSS Support</b> — affected files</summary>
+
+- `pom.xml (line 34)`
+- `pom.xml (line 72)`
+- `pom.xml (line 78)`
+- `pom.xml (line 59)`
+- `pom.xml (line 46)`
+- `pom.xml (line 92)`
+- `pom.xml (line 40)`
+
+</details>
+
+<details id="Spring_Framework_Version_Has_Reached_the_End_of_OSS_Support">
+<summary><b>Spring Framework Version Has Reached the End of OSS Support</b> — affected files</summary>
+
+- `pom.xml (line 46)`
+- `pom.xml (line 78)`
+- `pom.xml (line 34)`
+
+</details>
+
+<details id="Java_Version_Has_Reached_the_End_of_Support">
+<summary><b>Java Version Has Reached the End of Support</b> — affected files</summary>
+
+- `pom.xml (line 24)`
+
+</details>
+
+<details id="Java_Version_is_not_the_latest_LTS">
+<summary><b>Java Version is not the latest LTS</b> — affected files</summary>
+
+- `pom.xml (line 25)`
+- `pom.xml (line 26)`
+
+</details>
+
+---
+
+## Codebase Insights
+
+> **Note:** These documents are generated by AI and may contain inaccuracies or incomplete information. Please review carefully.
+
+1. **[Architecture Diagram](facts/architecture-diagram.md)** — Understand the big picture: system layers and component relationships
+2. **[Dependency Map](facts/dependency-map.md)** — Know what the project depends on and where the risks are
+3. **[API & Service Contracts](facts/api-service-contracts.md)** — See how services communicate and what contracts they expose
+4. **[Data Architecture](facts/data-architecture.md)** — Explore data models, storage, and data flow patterns
+5. **[Configuration Inventory](facts/configuration-inventory.md)** — Review how the application is configured across environments
+6. **[Business Workflows](facts/business-workflows.md)** — Trace end-to-end business processes and domain logic
+
+[Share feedback](https://aka.ms/ghcp-appmod/feedback)