diff --git a/CHANGELOG.md b/CHANGELOG.md
index 02c8016..e68ef17 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ## [Unreleased]
+## [v9.9.3-1] - 2024-02-01
+### Changed
+- [#98] upgrade SonarQube to LTS 9.9.3
+- upgrade base image to Java 17.0.9-1
+
 ## [v9.9.1-7] - 2023-10-23
 ### Fixed
 - [#96] Fixed CVE-2023-35945 CVE-2023-38039 CVE-2023-38545 CVE-2023-39417 CVE-2023-44487
diff --git a/Dockerfile b/Dockerfile
index 43af51b..2974a29 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,15 +1,15 @@
-FROM registry.cloudogu.com/official/java:17.0.6-2 as base
+FROM registry.cloudogu.com/official/java:17.0.9-1 as base
 ENV SONARQUBE_HOME=/opt/sonar \
 # mark as webapp for nginx
 SERVICE_TAGS=webapp \
- SONAR_VERSION=9.9.1.69595 \
+ SONAR_VERSION=9.9.3.79811 \
 CAS_PLUGIN_VERSION=5.0.2 \
 STARTUP_DIR="/"
 FROM base as builder
-ENV SONARQUBE_ZIP_SHA256=40bb45f551c7959ba1d3a5ff7b5432a558a5b2ad2efa5e9e1fcf52b83142897b \
+ENV SONARQUBE_ZIP_SHA256=fa415cc69437843c6701ff93961c2fe298bef659e97c442b1bf9f88a858f5f45 \
 CAS_PLUGIN_JAR_SHA256=82f9fd7f65c9ce255f4f1dd6649a65a1f7eaf2acbc6a54f2c8103cbc2a42010f \
 BUILDER_HOME="/builder/sonar"
@@ -27,7 +27,7 @@ RUN echo "${CAS_PLUGIN_JAR_SHA256} *${BUILDER_HOME}/sonar-cas-plugin-${CAS_PLUGI
 FROM base
 LABEL NAME="official/sonar" \
- VERSION="9.9.1-7" \
+ VERSION="9.9.3-1" \
 maintainer="hello@cloudogu.com"
 RUN set -eux \
diff --git a/Jenkinsfile b/Jenkinsfile
index 4ded356..52173ad 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,5 +1,5 @@
 #!groovy
-@Library(['github.com/cloudogu/ces-build-lib@1.65.0', 'github.com/cloudogu/dogu-build-lib@v2.1.0'])
+@Library(['github.com/cloudogu/ces-build-lib@2.1.0', 'github.com/cloudogu/dogu-build-lib@v2.3.0'])
 import com.cloudogu.ces.cesbuildlib.*
 import com.cloudogu.ces.dogubuildlib.*
@@ -12,7 +12,7 @@ node('vagrant') {
 GitFlow gitflow = new GitFlow(this, git)
 GitHub github = new GitHub(this, git)
 Changelog changelog = new Changelog(this)
- Markdown markdown = new Markdown(this, "3.11.0")
+ Markdown markdown = new Markdown(this, "3.11.2")
 timestamps{
 properties([
@@ -38,7 +38,8 @@ node('vagrant') {
 }
 stage('Lint') {
- lintDockerfile()
+ Dockerfile dockerfile = new Dockerfile(this)
+ dockerfile.lint()
 // TODO: Change this to shellCheck("./resources") as soon as https://github.com/cloudogu/dogu-build-lib/issues/8 is solved
 shellCheck("./resources/post-upgrade.sh ./resources/pre-upgrade.sh ./resources/startup.sh ./resources/upgrade-notification.sh ./resources/util.sh")
 }
diff --git a/docs/development/developing_de.md b/docs/development/developing_de.md
index 357b762..cbfbbc6 100644
--- a/docs/development/developing_de.md
+++ b/docs/development/developing_de.md
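Review bot: The new lint call in `stage('Lint')` binds a `Dockerfile` instance to a local that is used exactly once; `new Dockerfile(this).lint()` would keep the stage as terse as the `shellCheck(...)` call right below it. The `Dockerfile` type presumably comes from the `dogu-build-lib` wildcard import, so this hunk only works together with the `@Library` bump to `dogu-build-lib@v2.3.0` in the first hunk — worth stating in the commit message so the two changes are not reverted independently. Since that library is being bumped anyway, this is a natural point to re-check whether dogu-build-lib issue #8, referenced by the TODO on the next context line, is resolved. The enclosing `node('vagrant')` block starts and ends outside the hunk.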
@@ -128,20 +128,26 @@ Es muss sichergestellt werden, dass die Variablen in der Produktions- (z. B. `Do
 Wegen Kommunikationsprobleme durch selbst-signierte SSL-Zertifikate in einer Entwicklungs-CES-Instanz bietet es sich an, den SonarScanner per Jenkins in der gleichen Instanz zu betreiben. Folgendes Vorgehen hat sich bewährt:
-1. SCM-Manager und Jenkins installieren
+1. SCM-Manager und Jenkins im CES installieren
 - `cesapp install official/scm; cesapp install official/scm; cesapp start scm; cesapp start jenkins`
-1. SCMM: Spring Petclinic im SCM-Manager durch SCMM-Repo-Import in ein neues Repository einspielen
-1. SonarQube: ggf. lokale User oder API-Token erzeugen
-1. Jenkins
- 1. Credentials für SCMM und SonarQube im Jenkins Credential Manager einfügen
- - für SCMM z. B. unter der ID `scmCredentials`
+2. SCMM:
+ - Spring Petclinic im SCM-Manager durch SCMM-Repo-Import in ein neues Repository einspielen
+ - Import: https://github.com/cloudogu/spring-petclinic/
+ - Admin-Credentials reichen für diesen Test aus
+3. Jenkins
+ 1. Credentials für SCMM und SonarQube im [Jenkins Credential Manager](https://192.168.56.2/jenkins/manage/credentials/store/system/domain/_/newCredentials) einfügen
+ - Admin-Credentials unter der ID `scmCredentials` ablegen
+ - SCMM und SonarQube teilen sich Admin-Credentials (SCMM in der Build-Konfiguration, SonarQube im Jenkinsfile)
 - für SonarQube auf Credentialtyp achten!
 - `Username/Password` für Basic Authentication
- - `Secret text` für SQ API Token
- 1. Build-Job anlegen
- 1. Element anlegen -> `SCM-Manager Namespace` auswählen -> Job konfigurieren
- - Repo: https://192.198.56.2/scm
- - Credentials: wie oben konfiguriert
- 1. Job speichern
- 1. ggf. überzählige/nicht funktionierende Jobs abbrechen
- 1. master/main-Branch anpassen und bauen
+ 2. Build-Job anlegen
+ 1. Element anlegen -> `Multibranch Pipeline` auswählen -> Job konfigurieren
+ - Branch Sources/Add source: "SCM-Manager (git, hg)" auswählen
+ - Repo: https://192.198.56.2/scm/
+ - Credentials für SCM-Manager: oben konfiguriertes Credential `scmCredentials` auswählen
+ 2. Job speichern
+ - das Jenkinsfile wird automatisch gefunden
+ 3. ggf. überzählige/nicht funktionierende Jobs abbrechen
+ 4. master-Branch hinsichtlich geänderter Credentials oder unerwünschter Jobstages anpassen und bauen
+ - wichtig ist eine alte Version (ces-build-lib@1.35.1) der `ces-build-lib`, neuere Versionen führen zu Authentifizierungsfehlern
+ - ein Austausch gegen eine neuere Build-lib ist im Rahmen von Smoketests von SonarQube nicht maßgeblich
diff --git a/docs/development/developing_en.md b/docs/development/developing_en.md
index 22e5773..ff48dcc 100644
--- a/docs/development/developing_en.md
+++ b/docs/development/developing_en.md
@@ -130,20 +130,26 @@ At least make sure that the variables are properly set into the production (f. i
 Due to communication problems caused by self-signed SSL certificates in a development CES instance, it is a good idea to run SonarScanner via Jenkins in the same instance. The following procedure has proven successful:
-1. install SCM Manager and Jenkins.
- - `cesapp install official/scm; cesapp install official/scm; cesapp start scm; cesapp start jenkins`
-1. SCMM: install Spring Petclinic in SCM manager by SCMM repo import into a new repository
-1. sonarQube: create local user or API token if necessary
-1. jenkins
- 1. add credentials for SCMM and SonarQube in Jenkins Credential Manager
- - for SCMM e.g. under the ID `scmCredentials
- - for SonarQube pay attention to credential type!
- - username/password for Basic Authentication
- - `Secret text` for SQ API token
- 1. create build job
- 1. create element -> select `SCM-Manager Namespace` -> configure job
- - Server URL: https://192.198.56.2/scm
- - Credentials: as configured above
- 1. save job
- 1. cancel surplus/non-functioning jobs if necessary
- 1. adjust and build master/main branch
+1. install SCM Manager and Jenkins in CES
+ - `cesapp install official/scm; cesapp install official/scm; cesapp start scm; cesapp start jenkins`.
+2. SCMM:
+ - Import Spring Petclinic into a new repository in the SCM Manager via SCMM repo import
+ - Import: https://github.com/cloudogu/spring-petclinic/
+ - Admin credentials are sufficient for this test
+3. jenkins
+ 1. insert credentials for SCMM and SonarQube in the [Jenkins Credential Manager](https://192.168.56.2/jenkins/manage/credentials/store/system/domain/_/newCredentials)
+ - Store admin credentials under the ID `scmCredentials`
+ - SCMM and SonarQube share admin credentials (SCMM in the build configuration, SonarQube in the Jenkinsfile)
+ - Pay attention to the credential type for SonarQube!
+ - `Username/Password` for Basic Authentication
+ 2. create build job
+ Create 1st element -> Select `Multibranch Pipeline` -> Configure job
+ - Select Branch Sources/Add source: "SCM-Manager (git, hg)"
+ - Repo: https://192.198.56.2/scm/
+ - Credentials for SCM Manager: select the credential `scmCredentials` configured above
+ 2. save job
+ - the Jenkinsfile will be found automatically
+ 3. if necessary, cancel surplus/non-functioning jobs
+ 4. adapt and build master branch with regard to changed credentials or unwanted job stages
+ - an old version (ces-build-lib@1.35.1) of the `ces-build-lib` is important, newer versions will lead to authentication errors
+ - a build-lib replace is not relevant in the context of smoke tests of SonarQube
diff --git a/dogu.json b/dogu.json
index 3c7810c..0f6f57d 100644
--- a/dogu.json
+++ b/dogu.json
@@ -1,6 +1,6 @@
 {
 "Name": "official/sonar",
- "Version": "9.9.1-7",
+ "Version": "9.9.3-1",
 "DisplayName": "SonarQube",
 "Description": "SonarQube is an open source quality management platform, dedicated to continuously analyze and measure source code quality",
 "Category": "Development Apps",
diff --git a/spec/goss/goss.yaml b/spec/goss/goss.yaml
index a550bf4..63ba907 100644
--- a/spec/goss/goss.yaml
+++ b/spec/goss/goss.yaml
@@ -19,7 +19,7 @@ file:
 package:
 postgresql14-client:
 installed: true
- procps:
+ procps-ng:
 installed: true
 user:
 sonar:
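Review bot: The goss package assertion changes from `procps` to `procps-ng`, but none of the visible Dockerfile hunks installs that package — the `RUN set -eux` block after the LABEL lies outside the shown hunks — so the assertion presumably relies on the new base image `java:17.0.9-1` or an unchanged install line providing `procps-ng`; please confirm the built image really satisfies it, since an unmet `installed: true` makes the goss check fail. A short comment above the key, along the lines of `# procps-ng replaces procps (package name changed with the base image update)` adjusted to the actual reason, would record why the expected name changed. The new `[v9.9.3-1]` CHANGELOG entry does not mention this test-spec change either.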