diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml
index 59ed6c2aeb..e584507fb4 100644
--- a/.github/workflows/testing.yml
+++ b/.github/workflows/testing.yml
@@ -198,47 +198,13 @@ jobs:
         )
       )
     runs-on: 'ubuntu-latest'
+    strategy:
+        matrix:
+           testgroup: ["sync", "async", "scanner", "language"]
     timeout-minutes: 120
     env:
       LONG_TESTS: 1
     steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
-        with:
-          egress-policy: block
-          allowed-endpoints: >
-            access.redhat.com:443
-            api.codecov.io:443
-            api.github.com:443
-            archives.fedoraproject.org:443
-            azure.archive.ubuntu.com:80
-            cli.codecov.io:443
-            codecov.io:443
-            curl.se:443
-            epss.cyentia.com:443
-            esm.ubuntu.com:443
-            files.pythonhosted.org:443
-            ftp.fr.debian.org:80
-            github.com:443
-            gitlab.com:443
-            mirror.cveb.in:443
-            mirror.cveb.in:80
-            motd.ubuntu.com:443
-            nvd.nist.gov:443
-            osv-vulnerabilities.storage.googleapis.com:443
-            packages.microsoft.com:443
-            ppa.launchpadcontent.net:443
-            pypi.org:443
-            raw.githubusercontent.com:443
-            release-monitoring.org:443
-            rpmfind.net:443
-            security-tracker.debian.org:443
-            services.nvd.nist.gov:443
-            storage.googleapis.com:443
-            uploader.codecov.io:443
-            www.cisa.gov:443
-            www.sqlite.org:443
-
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
         with:
@@ -319,7 +285,7 @@ jobs:
           NO_EXIT_CVE_NUM=1 python -m cve_bin_tool.cli test/assets/test-kerberos-5-1.15.1.out
           cp -r ~/.cache/cve-bin-tool cache
       - name: Run async tests
-        if: env.sbom != 'true'
+        if: env.sbom != 'true' && ${{ matrix.testgroup == 'async' }}
         env:
           LONG_TESTS: ${{ steps.git-diff.outputs.value }}
         run: >
@@ -329,8 +295,24 @@ jobs:
           --ignore=test/test_requirements.py
           --ignore=test/test_html.py
           --ignore=test/test_json.py
+          --ignore=test/test_scanner.py
+          --ignore=test/test_language_parser.py
+      - name: Run language parser tests
+        if: env.sbom != 'true' && ${{ matrix.testgroup == 'language' }}
+        env:
+          LONG_TESTS: ${{ steps.git-diff.outputs.value }}
+        run: >
+          pytest --cov --cov-append -n 4 -v --durations=50
+          test/test_language_parser.py
+      - name: Run scanner tests
+        if: env.sbom != 'true' && ${{ matrix.testgroup == 'scanner' }}
+        env:
+          LONG_TESTS: ${{ steps.git-diff.outputs.value }}
+        run: >
+          pytest --cov --cov-append -n 4 -v --durations=50
+          test/test_scanner.py
       - name: Run synchronous tests
-        if: env.sbom != 'true'
+        if: env.sbom != 'true' && $${{ matrix.testgroup == 'sync` }}
         env:
           LONG_TESTS: ${{ steps.git-diff.outputs.value }}
         run: >