diff --git a/App/kernel-memory/extensions/AzureAIDocIntel/AzureAIDocIntelEngine.cs b/App/kernel-memory/extensions/AzureAIDocIntel/AzureAIDocIntelEngine.cs
index 49f3c2a7..a26cff7d 100644
--- a/App/kernel-memory/extensions/AzureAIDocIntel/AzureAIDocIntelEngine.cs
+++ b/App/kernel-memory/extensions/AzureAIDocIntel/AzureAIDocIntelEngine.cs
@@ -36,7 +36,7 @@ public AzureAIDocIntelEngine(
 switch (config.Auth)
 {
 case AzureAIDocIntelConfig.AuthTypes.AzureIdentity:
- this._recognizerClient = new DocumentAnalysisClient(new Uri(config.Endpoint), new DefaultAzureCredential());
+ this._recognizerClient = new DocumentAnalysisClient(new Uri(config.Endpoint), new ManagedIdentityCredential());
 break;
 case AzureAIDocIntelConfig.AuthTypes.APIKey:
diff --git a/App/kernel-memory/extensions/AzureAISearch/AzureAISearch/AzureAISearchMemory.cs b/App/kernel-memory/extensions/AzureAISearch/AzureAISearch/AzureAISearchMemory.cs
index 07dfde26..0fde1f9a 100644
--- a/App/kernel-memory/extensions/AzureAISearch/AzureAISearch/AzureAISearchMemory.cs
+++ b/App/kernel-memory/extensions/AzureAISearch/AzureAISearch/AzureAISearchMemory.cs
@@ -66,7 +66,7 @@ public AzureAISearchMemory(
 case AzureAISearchConfig.AuthTypes.AzureIdentity:
 this._adminClient = new SearchIndexClient(
 new Uri(config.Endpoint),
- new DefaultAzureCredential(),
+ new ManagedIdentityCredential(),
 GetClientOptions());
 break;
diff --git a/App/kernel-memory/extensions/AzureBlobs/AzureBlobsStorage.cs b/App/kernel-memory/extensions/AzureBlobs/AzureBlobsStorage.cs
index 993bc2a8..0d780609 100644
--- a/App/kernel-memory/extensions/AzureBlobs/AzureBlobsStorage.cs
+++ b/App/kernel-memory/extensions/AzureBlobs/AzureBlobsStorage.cs
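Review bot: The parameterless `new ManagedIdentityCredential()` on the added line binds the AzureIdentity case to the host's system-assigned identity, and nothing in this hunk passes a client ID, so a deployment that runs under a user-assigned managed identity has no way to select it from `config`; the same pattern is repeated in the other five Azure hunks of this commit. Narrowing from DefaultAzureCredential is a sound hardening, since it removes the silent fallback to developer credentials such as Azure CLI or Visual Studio logins, but it also changes behaviour for anyone who presumably relied on that fallback locally, and the enum value `AuthTypes.AzureIdentity` no longer hints at that. I would add `// System-assigned managed identity only: DefaultAzureCredential was dropped so developer credentials are never picked up at runtime` above the assignment, and consider an optional client-ID setting in the config that is forwarded to the ManagedIdentityCredential constructor so user-assigned identities stay supported. The constructor's body starts before and continues past this hunk.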
@@ -61,7 +61,7 @@ public AzureBlobsStorage(
 {
 this.ValidateAccountName(config.Account);
 var suffix = this.ValidateEndpointSuffix(config.EndpointSuffix);
- client = new BlobServiceClient(new Uri($"https://{config.Account}.blob.{suffix}"), new DefaultAzureCredential());
+ client = new BlobServiceClient(new Uri($"https://{config.Account}.blob.{suffix}"), new ManagedIdentityCredential());
 break;
 }
diff --git a/App/kernel-memory/extensions/AzureOpenAI/AzureOpenAITextEmbeddingGenerator.cs b/App/kernel-memory/extensions/AzureOpenAI/AzureOpenAITextEmbeddingGenerator.cs
index 4e1ca1e5..09d0f40e 100644
--- a/App/kernel-memory/extensions/AzureOpenAI/AzureOpenAITextEmbeddingGenerator.cs
+++ b/App/kernel-memory/extensions/AzureOpenAI/AzureOpenAITextEmbeddingGenerator.cs
@@ -52,7 +52,7 @@ public AzureOpenAITextEmbeddingGenerator(
 this._client = new AzureOpenAITextEmbeddingGenerationService(
 deploymentName: config.Deployment,
 endpoint: config.Endpoint,
- credential: new DefaultAzureCredential(),
+ credential: new ManagedIdentityCredential(),
 modelId: config.Deployment,
 httpClient: httpClient,
 dimensions: config.EmbeddingDimensions,
diff --git a/App/kernel-memory/extensions/AzureOpenAI/AzureOpenAITextGenerator.cs b/App/kernel-memory/extensions/AzureOpenAI/AzureOpenAITextGenerator.cs
index bd0a1b52..4aa1f5e3 100644
--- a/App/kernel-memory/extensions/AzureOpenAI/AzureOpenAITextGenerator.cs
+++ b/App/kernel-memory/extensions/AzureOpenAI/AzureOpenAITextGenerator.cs
@@ -77,7 +77,7 @@ public AzureOpenAITextGenerator(
 switch (config.Auth)
 {
 case AzureOpenAIConfig.AuthTypes.AzureIdentity:
- this._client = new OpenAIClient(new Uri(config.Endpoint), new DefaultAzureCredential(), options);
+ this._client = new OpenAIClient(new Uri(config.Endpoint), new ManagedIdentityCredential(), options);
 break;
 case AzureOpenAIConfig.AuthTypes.ManualTokenCredential:
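Review bot: The AzureIdentity case on the added line now authenticates only as the system-assigned managed identity, which does not exist outside Azure, while the `ManualTokenCredential` case visible two lines below presumably lets a caller hand in its own `TokenCredential`; nothing in the hunk tells a reader that this is now the intended route for local development or for user-assigned identities. A short comment on the case would save the next person a debugging session: `// Runs as the host's system-assigned managed identity only; for local development or a user-assigned identity use AuthTypes.ManualTokenCredential and pass the credential explicitly.` The enclosing constructor starts before and continues past this hunk.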
diff --git a/App/kernel-memory/extensions/AzureQueues/AzureQueuesPipeline.cs b/App/kernel-memory/extensions/AzureQueues/AzureQueuesPipeline.cs
index fdf56701..61905e52 100644
--- a/App/kernel-memory/extensions/AzureQueues/AzureQueuesPipeline.cs
+++ b/App/kernel-memory/extensions/AzureQueues/AzureQueuesPipeline.cs
@@ -94,7 +94,7 @@ public AzureQueuesPipeline(
 {
 this.ValidateAccountName(config.Account);
 var suffix = this.ValidateEndpointSuffix(config.EndpointSuffix);
- this._clientBuilder = queueName => new QueueClient(new($"https://{config.Account}.queue.{suffix}/{queueName}"), new DefaultAzureCredential());
+ this._clientBuilder = queueName => new QueueClient(new($"https://{config.Account}.queue.{suffix}/{queueName}"), new ManagedIdentityCredential());
 break;
 }
diff --git a/App/kernel-memory/extensions/Postgres/Postgres/Internals/PostgresDbClient.cs b/App/kernel-memory/extensions/Postgres/Postgres/Internals/PostgresDbClient.cs
index bdfa0bf5..91978ae7 100644
--- a/App/kernel-memory/extensions/Postgres/Postgres/Internals/PostgresDbClient.cs
+++ b/App/kernel-memory/extensions/Postgres/Postgres/Internals/PostgresDbClient.cs
@@ -154,6 +154,8 @@ public async Task CreateTableAsync(
 CancellationToken cancellationToken = default)
 {
 var origInputTableName = tableName;
+ // Validate tableName parameter before using it in SQL construction
+ PostgresSchema.ValidateTableName(origInputTableName);
 tableName = this.WithSchemaAndTableNamePrefix(tableName);
 this._log.LogTrace("Creating table: {0}", tableName);
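Review bot: The added `PostgresSchema.ValidateTableName(origInputTableName)` checks the caller-supplied name, but the value that is later spliced into SQL is the one returned by `this.WithSchemaAndTableNamePrefix(tableName)` on the following line, so the schema and prefix portions of the identifier are outside this check; that is only safe if those config values are validated with the same rule when the client is constructed, which this hunk cannot confirm. If they are, say so next to the check, e.g. `// Only the caller-supplied part is validated here; schema and table prefix come from config and are validated at construction time` (pointing at wherever that actually happens); if they are not, validate the composed `tableName` as well. The method continues past this hunk.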
@@ -173,7 +175,7 @@ public async Task CreateTableAsync(
 if (!string.IsNullOrEmpty(this._createTableSql))
 {
 cmd.CommandText = this._createTableSql
- .Replace(PostgresConfig.SqlPlaceholdersTableName, tableName, StringComparison.Ordinal)
+ .Replace(PostgresConfig.SqlPlaceholdersTableName, tableName, StringComparison.Ordinal) // CodeQL [SM03934] tableName parameter is validated by PostgresSchema.ValidateTableName to prevent SQL injection
 .Replace(PostgresConfig.SqlPlaceholdersVectorSize, $"{vectorSize}", StringComparison.Ordinal)
 .Replace(PostgresConfig.SqlPlaceholdersLockId, $"{lockId}", StringComparison.Ordinal);
@@ -457,9 +459,9 @@ DO UPDATE SET
 // When using 1 - (embedding <=> target) the index is not being used, therefore we calculate
 // the similarity (1 - distance) later. Furthermore, colDistance can't be used in the WHERE clause.
- cmd.CommandText = @$"
+ cmd.CommandText = @$" // CodeQL [SM03934] justification: tableName parameter is validated by PostgresSchema.ValidateTableName to prevent SQL injection
 SELECT {columns}, {this._colEmbedding} <=> @embedding AS {colDistance}
- FROM {tableName}
+ FROM {tableName}
 WHERE {filterSql}
 ORDER BY {colDistance} ASC
 LIMIT @limit
diff --git a/App/kernel-memory/service/Service/OpenAPI.cs b/App/kernel-memory/service/Service/OpenAPI.cs
index 70df0031..68de9240 100644
--- a/App/kernel-memory/service/Service/OpenAPI.cs
+++ b/App/kernel-memory/service/Service/OpenAPI.cs
@@ -55,6 +55,6 @@ public static void UseSwagger(this WebApplication app, KernelMemoryConfig config
 // URL: http://localhost:9001/swagger/index.html
 app.UseSwagger();
- app.UseSwaggerUI();
+ //app.UseSwaggerUI(); Removed as part of Code QL issue (CodeQL [SM04686])
 }
 }
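Review bot: The `// CodeQL [SM03934] justification: …` text added on the `cmd.CommandText = @$"` line sits inside the verbatim interpolated string, so it becomes the first line of the SQL sent to PostgreSQL, where `//` is not a comment introducer (`--` is) and the statement should fail to parse; every similarity query through this path will then error out. Move the justification outside the literal, e.g. `// CodeQL [SM03934] justification: tableName is validated by PostgresSchema.ValidateTableName` on its own line immediately above `cmd.CommandText = @$"`, or after the closing `";` if the scanner needs it on the flagged statement. The suppression also only argues for `{tableName}`; `{filterSql}` is interpolated into the same statement and needs either parameterization or its own justification, and I cannot see how it is built from here. The removed and re-added `FROM {tableName}` pair appears to differ only in whitespace. The enclosing method starts and ends outside this hunk.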
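Review bot: Commenting out `app.UseSwaggerUI()` leaves `app.UseSwagger()` on the line above still publishing the OpenAPI document, and the `// URL: http://localhost:9001/swagger/index.html` comment now points at a route that no longer exists; the commented-out call and the stale comment should be removed rather than kept as a trailing note. If the intent is to keep the UI for developers while not exposing it in production, gate it instead of deleting it: `if (app.Environment.IsDevelopment()) { app.UseSwaggerUI(); }` with the URL comment moved inside the branch, and decide whether the JSON document itself should be gated the same way, since it describes the full route surface to anyone who can reach the service. The method's opening lines are outside this hunk.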