diff --git a/.github/workflows/autosync-profile.yml b/.github/workflows/autosync-profile.yml
index f489207..c18185a 100644
--- a/.github/workflows/autosync-profile.yml
+++ b/.github/workflows/autosync-profile.yml
@@ -31,7 +31,7 @@ jobs:
           token: ${{ steps.get_installation_token.outputs.token }}
       - name: autosync profile
         id: autosync-profile
-        uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.8.0
+        uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.9.0
         with:
           markdown_path: "markdown/profiles"
           oscal_model: "profile"
diff --git a/.github/workflows/create-new.yml b/.github/workflows/create-new.yml
index caf613e..8c72636 100644
--- a/.github/workflows/create-new.yml
+++ b/.github/workflows/create-new.yml
@@ -22,7 +22,7 @@ jobs:
     name: Create profile
     runs-on: ubuntu-latest
     container:
-      image: quay.io/continuouscompliance/trestle-bot:v0.8.0
+      image: quay.io/continuouscompliance/trestle-bot:v0.9.0
     steps:
       - name: Generate app token
         uses: tibdex/github-app-token@v2.1.0
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6fb46b5..c93c7bb 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -24,7 +24,7 @@ jobs:
         with:
           token: ${{ steps.get_installation_token.outputs.token }}
       - name: Autosync
-        uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.8.0
+        uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.9.0
         with:
           markdown_path: "markdown/profiles"
           oscal_model: "profile"
diff --git a/.github/workflows/update-upstream.yml b/.github/workflows/update-upstream.yml
index 2b9ad79..d6b8686 100644
--- a/.github/workflows/update-upstream.yml
+++ b/.github/workflows/update-upstream.yml
@@ -79,7 +79,7 @@ jobs:
             "profiles/${FEDRAMP_PROFILE_NAME}"
       - name: Regenerate profiles
         if: ${{ steps.updates.outputs.pull-request-number }}
-        uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.8.0
+        uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.9.0
         with:
           markdown_path: "markdown/profiles"
           oscal_model: "profile"
diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 3d635e4..9972615 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -22,13 +22,19 @@ jobs:
       - name: Clone
         uses: actions/checkout@v4
       - name: Check profile
-        id: check-profile
-        uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.8.0
+        id: check
+        uses: RedHatProductSecurity/trestle-bot/actions/autosync@v0.9.0
         with:
           markdown_path: "markdown/profiles"
           oscal_model: "profile"
-          check_only: true
           skip_items: "fedramp_rev5_high"
+          dry_run: true
+      - name: Fail
+        if: ${{ steps.check.outputs.changes == 'true' }}
+        uses: actions/github-script@v7
+        with:
+          script: |
+              core.setFailed('Changes detected. Manual intervention may be required.')
     
   call-autosync:
     needs: [test]