diff --git a/.github/workflows/build_and_push_python_image.yml b/.github/workflows/build_and_push_python_image.yml
index 9fd8b8b4..e965638d 100644
--- a/.github/workflows/build_and_push_python_image.yml
+++ b/.github/workflows/build_and_push_python_image.yml
@@ -1,14 +1,14 @@
-name: Build Python Images and Push to Quay and ECR
+name: Build and Push python3.9-data-science
 
 on:
   push:
     paths:
-    - python3.9-data-science/Dockerfile
+    - python3.9-data-science/**
     - .github/workflows/build_and_push_python_image.yml
 
 jobs:
   python_3-9:
-    name: Python 3.9 Build and Push
+    name: Build and Push python3.9-data-science
     uses: uc-cdis/.github/.github/workflows/image_build_push.yaml@master
     with:
       DOCKERFILE_LOCATION: "./python3.9-data-science/Dockerfile"
diff --git a/.github/workflows/build_azlinux_jupyter_scipy_image.yml b/.github/workflows/build_azlinux_jupyter_scipy_image.yml
index ac934e81..59144ab3 100644
--- a/.github/workflows/build_azlinux_jupyter_scipy_image.yml
+++ b/.github/workflows/build_azlinux_jupyter_scipy_image.yml
@@ -3,7 +3,7 @@ name: Build and push AmazonLinux jupyter-scipy
 on:
   push:
     paths:
-    - azlinux-jupyter-scipy/Dockerfile
+    - azlinux-jupyter-scipy/**
     - .github/workflows/build_azlinux_jupyter_scipy_image.yml
 
 jobs:
diff --git a/.github/workflows/build_jupyter_covid19_image.yml b/.github/workflows/build_jupyter_covid19_image.yml
new file mode 100644
index 00000000..f66cf051
--- /dev/null
+++ b/.github/workflows/build_jupyter_covid19_image.yml
@@ -0,0 +1,22 @@
+name: Build and Push jupyter-covid19
+
+on:
+  push:
+    paths:
+    - jupyter-covid19/**
+    - .github/workflows/build_jupyter_covid19_image.yml
+
+jobs:
+  jupyter-covid19:
+    name: Build and Push jupyter-covid19
+    uses: uc-cdis/.github/.github/workflows/image_build_push.yaml@master
+    with:
+      DOCKERFILE_LOCATION: "./jupyter-covid19/Dockerfile"
+      DOCKERFILE_BUILD_CONTEXT: "./jupyter-covid19"
+      OVERRIDE_REPO_NAME: "jupyter-notebook"
+      OVERRIDE_TAG_NAME: "covid19-$(echo ${GITHUB_REF#refs/*/} | tr / _)"
+    secrets:
+      ECR_AWS_ACCESS_KEY_ID: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
+      ECR_AWS_SECRET_ACCESS_KEY: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
+      QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
+      QUAY_ROBOT_TOKEN: ${{ secrets.QUAY_ROBOT_TOKEN }}
diff --git a/.github/workflows/build_jupyter_nextflow_image.yml b/.github/workflows/build_jupyter_nextflow_image.yml
index abf56048..7d4993c6 100644
--- a/.github/workflows/build_jupyter_nextflow_image.yml
+++ b/.github/workflows/build_jupyter_nextflow_image.yml
@@ -3,7 +3,7 @@ name: Build and Push Jupyter-Nextflow image
 on:
   push:
     paths:
-    - jupyter-nextflow
+    - jupyter-nextflow/**
     - .github/workflows/build_jupyter_nextflow_image.yml
 
 jobs:
diff --git a/.github/workflows/build_jupyter_restricted_download_image.yml b/.github/workflows/build_jupyter_restricted_download_image.yml
new file mode 100644
index 00000000..d28b2bfa
--- /dev/null
+++ b/.github/workflows/build_jupyter_restricted_download_image.yml
@@ -0,0 +1,22 @@
+name: Build and Push jupyter-restricted-download
+
+on:
+  push:
+    paths:
+    - jupyter-restricted-download/**
+    - .github/workflows/build_jupyter_restricted_download_image.yml
+
+jobs:
+  jupyter-restricted-download:
+    name: Build and Push jupyter-restricted-download
+    uses: uc-cdis/.github/.github/workflows/image_build_push.yaml@master
+    with:
+      DOCKERFILE_LOCATION: "./jupyter-restricted-download/Dockerfile"
+      DOCKERFILE_BUILD_CONTEXT: "./jupyter-restricted-download"
+      OVERRIDE_REPO_NAME: "jupyter-notebook"
+      OVERRIDE_TAG_NAME: "restricted-download-$(echo ${GITHUB_REF#refs/*/} | tr / _)"
+    secrets:
+      ECR_AWS_ACCESS_KEY_ID: ${{ secrets.ECR_AWS_ACCESS_KEY_ID }}
+      ECR_AWS_SECRET_ACCESS_KEY: ${{ secrets.ECR_AWS_SECRET_ACCESS_KEY }}
+      QUAY_USERNAME: ${{ secrets.QUAY_USERNAME }}
+      QUAY_ROBOT_TOKEN: ${{ secrets.QUAY_ROBOT_TOKEN }}
diff --git a/.github/workflows/build_vadc_notebook_image.yml b/.github/workflows/build_vadc_notebook_image.yml
index b12f4367..da7c92f6 100644
--- a/.github/workflows/build_vadc_notebook_image.yml
+++ b/.github/workflows/build_vadc_notebook_image.yml
@@ -4,6 +4,7 @@ on:
   push:
     paths:
     - jupyter-vadc/**
+    - .github/workflows/build_vadc_notebook_image.yml
 
 jobs:
   push-image:
diff --git a/.github/workflows/build_vlmd_submission_python_image.yml b/.github/workflows/build_vlmd_submission_python_image.yml
index 1d2406ce..cccc08a3 100644
--- a/.github/workflows/build_vlmd_submission_python_image.yml
+++ b/.github/workflows/build_vlmd_submission_python_image.yml
@@ -1,4 +1,4 @@
-name: Build Python Image and Push to Quay and ECR
+name: Build VLMD Image
 
 on:
   push:
@@ -8,7 +8,7 @@ on:
 
 jobs:
   ci:
-    name: Build Image and Push to Quay
+    name: Build VLMD Image
     uses: uc-cdis/.github/.github/workflows/image_build_push.yaml@master
     with:
       DOCKERFILE_LOCATION: "./vlmd-submission-tools/Dockerfile"
diff --git a/jupyter-covid19/Dockerfile b/jupyter-covid19/Dockerfile
index d4d514b9..c77b32c5 100644
--- a/jupyter-covid19/Dockerfile
+++ b/jupyter-covid19/Dockerfile
@@ -1,100 +1,106 @@
-FROM quay.io/cdis/jupyter-notebook:1.1.0
+FROM quay.io/cdis/jupyter-notebook:restricted-download-1.3.1
 
 USER $NB_USER
 WORKDIR /home/$NB_USER
 ARG COVID_TOOLS_BRANCH=master
 
 # copy welcome splash page
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/welcome.html /home/$NB_USER/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/welcome.html /home/$NB_USER/
 RUN touch /home/$NB_USER/welcome.html
 
 # copy readme and notebooks requirements
 RUN mkdir /home/$NB_USER/covid19-notebook
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/readme.md /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/readme.md /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/readme.md
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/requirements.txt /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/requirements.txt /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/requirements.txt
 
 # copy premade notebooks
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/jhu-summary-overview/COVID-19-JHU_data_analysis.ipynb /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/jhu-summary-overview/COVID-19-JHU_data_analysis.ipynb /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/COVID-19-JHU_data_analysis.ipynb
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/kaggle-demographics/kaggle_data_analysis.ipynb /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/kaggle-demographics/kaggle_data_analysis.ipynb /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/kaggle_data_analysis.ipynb
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/chicago-seir-forecast/covid19_seir.ipynb /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/chicago-seir-forecast/covid19_seir.ipynb /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/covid19_seir.ipynb
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/chicago-seir-forecast/seir_diagram.png /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/chicago-seir-forecast/seir_diagram.png /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/seir_diagram.png
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/ctp_testing/CTP_testing.ipynb /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/ctp_testing/CTP_testing.ipynb /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/CTP_testing.ipynb
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/TCGA_COAD_COVID.ipynb /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/TCGA_COAD_COVID.ipynb /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/TCGA_COAD_COVID.ipynb
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/nCoV-2019_data_analysis.ipynb /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/nCoV-2019_data_analysis.ipynb /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/nCoV-2019_data_analysis.ipynb
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/SSR/SSR_notebook.ipynb /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/SSR/SSR_notebook.ipynb /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/SSR_notebook.ipynb
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/X-ray/DarkCovidNet_binary_classes.ipynb /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/X-ray/DarkCovidNet_binary_classes.ipynb /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/DarkCovidNet_binary_classes.ipynb
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/X-ray/CNN_XRAY_CF.ipynb /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/X-ray/CNN_XRAY_CF.ipynb /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/CNN_XRAY_CF.ipynb
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/google_mobility.ipynb /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/google_mobility.ipynb /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/google_mobility.ipynb
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/pypfb/PFB_example.ipynb /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/pypfb/PFB_example.ipynb /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/PFB_example.ipynb
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/IL_tab_charts.ipynb /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/IL_tab_charts.ipynb /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/IL_tab_charts.ipynb
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/3D_Protein_Vis/3D_Protein_Vis.ipynb /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/3D_Protein_Vis/3D_Protein_Vis.ipynb /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/3D_Protein_Vis.ipynb
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/3D_Protein_Vis/3D_Protein_Vis_7D4F_gui.png /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/3D_Protein_Vis/3D_Protein_Vis_7D4F_gui.png /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/3D_Protein_Vis_7D4F_gui.png
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/3D_Protein_Vis/3D_Protein_Vis_7D4F_view.html /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/3D_Protein_Vis/3D_Protein_Vis_7D4F_view.html /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/3D_Protein_Vis_7D4F_view.html
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/3D_Protein_Vis/3D_Protein_Vis_A_view.html /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/3D_Protein_Vis/3D_Protein_Vis_A_view.html /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/3D_Protein_Vis_A_view.html
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/3D_Protein_Vis/3D_Protein_Vis_B_view.html /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/3D_Protein_Vis/3D_Protein_Vis_B_view.html /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/3D_Protein_Vis_B_view.html
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/3D_Protein_Vis/3D_Protein_Vis_demo_view.html /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/3D_Protein_Vis/3D_Protein_Vis_demo_view.html /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/3D_Protein_Vis_demo_view.html
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/ICU_prediction/Percentage_ICU_prediction.ipynb /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/ICU_prediction/Percentage_ICU_prediction.ipynb /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/Percentage_ICU_prediction.ipynb
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/extended-seir/extended-seir.ipynb /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/extended-seir/extended-seir.ipynb /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/extended-seir.ipynb
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/extended-seir/extended-seir_diagram.png /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/extended-seir/extended-seir_diagram.png /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/extended-seir_diagram.png
 
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/extended-seir/extended-seir_parameters.png /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/extended-seir/extended-seir_parameters.png /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/extended-seir_parameters.png
 
 # small pfb file
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/pypfb/PFB_example.avro /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/pypfb/PFB_example.avro /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/PFB_example.avro
 
 # peregrine helper script required by the X-ray notebooks
-ADD --chown=jovyan:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/X-ray/peregrine.py /home/$NB_USER/covid19-notebook/
+ADD --chown=$NB_USER:users https://raw.githubusercontent.com/uc-cdis/covid19-tools/$COVID_TOOLS_BRANCH/covid19-notebooks/X-ray/peregrine.py /home/$NB_USER/covid19-notebook/
 RUN touch /home/$NB_USER/covid19-notebook/peregrine.py
 
 # premade notebooks dependencies
-RUN pip install --upgrade 'pip<20.3' # pip 20.3 causes dependency resolution issues
-RUN pip install -r /home/$NB_USER/covid19-notebook/requirements.txt
+RUN pip install -U -r /home/$NB_USER/covid19-notebook/requirements.txt
+
+# The image can't function (see error below) with `jsonschema` version 3.2.0. Some dependencies are
+# preventing `jsonschema` from being upgraded to a more recent version. Updating it here as a quick fix.
+#   File "/usr/local/lib/python3.9/dist-packages/jupyter_events/validators.py", line 44, in <module>
+#     JUPYTER_EVENTS_SCHEMA_VALIDATOR = Draft7Validator(
+# TypeError: __init__() got an unexpected keyword argument 'registry'
+RUN pip install jsonschema==4.20.0 --upgrade
diff --git a/jupyter-restricted-download/.env b/jupyter-restricted-download/.env
new file mode 100644
index 00000000..a73747cf
--- /dev/null
+++ b/jupyter-restricted-download/.env
@@ -0,0 +1,3 @@
+SERVICE_PORT=9880
+USER_VOLUME=./user-volume
+DATA_VOLUME=./data-volume
diff --git a/jupyter-restricted-download/Dockerfile b/jupyter-restricted-download/Dockerfile
new file mode 100644
index 00000000..2e0fd8a3
--- /dev/null
+++ b/jupyter-restricted-download/Dockerfile
@@ -0,0 +1,104 @@
+ARG ROOT_CONTAINER=quay.io/cdis/ubuntu:focal
+
+FROM $ROOT_CONTAINER
+
+LABEL maintainer="Jupyter Project <jupyter@googlegroups.com>"
+
+# Fix DL4006
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+USER root
+
+# Install all OS dependencies for the notebook server that starts but lacks all
+# features (e.g., download as all possible file formats)
+ENV DEBIAN_FRONTEND noninteractive
+RUN apt-get update --yes && \
+    apt-get install --yes --no-install-recommends \
+    python3.9 \
+    python3-pip \
+    tini \
+    wget \
+    git \
+    curl \
+    ca-certificates \
+    sudo \
+    locales \
+    fonts-liberation \
+    vim \
+    run-one && \
+    apt-get clean && rm -rf /var/lib/apt/lists/* && \
+    echo "en_US.UTF-8 UTF-8" > /etc/locale.gen && \
+    locale-gen
+
+# Set Python 3.9 as the default Python version
+RUN ln -s /usr/bin/python3.9 /usr/bin/python
+
+# Add the Python 3.9 executable path to the PATH environment variable
+ENV PATH="/usr/bin/python3.9:$PATH"
+
+# Upgrade pip to ensure it's associated with Python 3.9.5
+RUN python3.9 -m pip install --upgrade pip
+
+# Remove /usr/bin/pip3 if it exists
+RUN rm -f /usr/bin/pip3
+
+# Create a symbolic link from pip3 to pip
+RUN ln -s /usr/bin/pip /usr/bin/pip3
+
+RUN pip install JPype1 jupyter
+
+RUN jupyter notebook --generate-config
+
+# step 1 to disable downloads:
+RUN jupyter labextension disable @jupyterlab/docmanager-extension:download \
+    && jupyter labextension disable @jupyterlab/filebrowser-extension:download
+
+RUN pip install pandas numpy seaborn scipy matplotlib pyNetLogo SALib boto3 awscli --upgrade
+RUN pip install gen3==4.18.0 --upgrade
+RUN pip install jupyter --upgrade
+# step 2 to disable downloads:
+RUN pip uninstall nbconvert --yes
+
+# Create a non-root user for Jupyter without copying /bin or /bin/bash
+ARG NB_USER=jovyan
+ARG NB_UID=1000
+ARG NB_GID=100
+RUN useradd -m -s /bin/bash -N -u $NB_UID $NB_USER && \
+    chown -R $NB_USER:users /home/$NB_USER && \
+    chmod -R u+rwx /home/$NB_USER && \
+    mkdir -p /home/$NB_USER/pd
+
+# Configure environment
+ENV CONDA_DIR=/opt/conda \
+    PATH=/usr/local/bin:$PATH \
+    SHELL=/bin/bash \
+    NB_USER=${NB_USER} \
+    NB_UID=${NB_UID} \
+    NB_GID=${NB_GID} \
+    HOME=/home/$NB_USER \
+    LC_ALL=en_US.UTF-8 \
+    LANG=en_US.UTF-8 \
+    LANGUAGE=en_US.UTF-8
+
+# Expose port 8888 for JupyterLab
+EXPOSE 8888
+
+# Add local files as late as possible to avoid cache busting
+RUN wget https://raw.githubusercontent.com/jupyter/docker-stacks/7e1a19a8427f99652c75d1d4fda3df780721b574/images/docker-stacks-foundation/fix-permissions
+RUN mv fix-permissions /usr/local/bin/fix-permissions.sh
+COPY start.sh /usr/local/bin/
+COPY start-notebook.sh /usr/local/bin/
+COPY start-singleuser.sh /usr/local/bin/
+RUN chmod +x /usr/local/bin/*.sh
+
+COPY resources/custom.js /home/$NB_USER/.jupyter/custom/
+COPY resources/jupyter_notebook_config.py /home/$NB_USER/.jupyter/tmp.py
+RUN cat /home/$NB_USER/.jupyter/tmp.py >> /home/$NB_USER/.jupyter/jupyter_notebook_config.py && rm /home/$NB_USER/.jupyter/tmp.py
+
+RUN fix-permissions.sh "/home/${NB_USER}"
+
+USER $NB_USER
+
+# Set the default command to start JupyterLab
+WORKDIR /home/$NB_USER
+ENTRYPOINT ["jupyter", "lab", "--allow-root", "--ip=0.0.0.0", "--port=8888", "--no-browser"]
diff --git a/jupyter-restricted-download/README.md b/jupyter-restricted-download/README.md
new file mode 100644
index 00000000..f0d810ea
--- /dev/null
+++ b/jupyter-restricted-download/README.md
@@ -0,0 +1,3 @@
+# jupyter-restricted-download
+
+A "restricted" build of `jupyter-slim`.  Basically the same as `../jupyter-slim/`, but it prevents users from downloading anything from the jupyter lab
diff --git a/jupyter-restricted-download/resources/custom.js b/jupyter-restricted-download/resources/custom.js
new file mode 100644
index 00000000..2f6d4c13
--- /dev/null
+++ b/jupyter-restricted-download/resources/custom.js
@@ -0,0 +1,3 @@
+define(['base/js/namespace'], function(Jupyter){
+    Jupyter._target = '_self';
+})
diff --git a/jupyter-restricted-download/resources/jupyter_notebook_config.py b/jupyter-restricted-download/resources/jupyter_notebook_config.py
new file mode 100644
index 00000000..89d1b20c
--- /dev/null
+++ b/jupyter-restricted-download/resources/jupyter_notebook_config.py
@@ -0,0 +1,3 @@
+c.NotebookApp.tornado_settings = {
+    "headers": {"Content-Security-Policy": "frame-ancestors 'self'"}
+}
diff --git a/jupyter-restricted-download/start-notebook.sh b/jupyter-restricted-download/start-notebook.sh
new file mode 100644
index 00000000..d028cfd6
--- /dev/null
+++ b/jupyter-restricted-download/start-notebook.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+# Copyright (c) Jupyter Development Team.
+# Distributed under the terms of the Modified BSD License.
+
+set -e
+
+. /usr/local/bin/start.sh jupyter notebook --no-browser --port 8888 --ip=* --NotebookApp.token='' --NotebookApp.disable_check_xsrf=True $*
diff --git a/jupyter-restricted-download/start-singleuser.sh b/jupyter-restricted-download/start-singleuser.sh
new file mode 100644
index 00000000..09c1d695
--- /dev/null
+++ b/jupyter-restricted-download/start-singleuser.sh
@@ -0,0 +1,43 @@
+#!/bin/bash
+# Copyright (c) Jupyter Development Team.
+# Distributed under the terms of the Modified BSD License.
+
+set -e
+
+# set default ip to 0.0.0.0
+if [[ "$NOTEBOOK_ARGS $@" != *"--ip="* ]]; then
+  NOTEBOOK_ARGS="--ip=0.0.0.0 $NOTEBOOK_ARGS"
+fi
+
+# handle some deprecated environment variables
+# from DockerSpawner < 0.8.
+# These won't be passed from DockerSpawner 0.9,
+# so avoid specifying --arg=empty-string
+if [ ! -z "$NOTEBOOK_DIR" ]; then
+  NOTEBOOK_ARGS="--notebook-dir='$NOTEBOOK_DIR' $NOTEBOOK_ARGS"
+fi
+if [ ! -z "$JPY_PORT" ]; then
+  NOTEBOOK_ARGS="--port=$JPY_PORT $NOTEBOOK_ARGS"
+fi
+if [ ! -z "$JPY_USER" ]; then
+  NOTEBOOK_ARGS="--user=$JPY_USER $NOTEBOOK_ARGS"
+fi
+if [ ! -z "$JPY_COOKIE_NAME" ]; then
+  NOTEBOOK_ARGS="--cookie-name=$JPY_COOKIE_NAME $NOTEBOOK_ARGS"
+fi
+if [ ! -z "$JPY_BASE_URL" ]; then
+  NOTEBOOK_ARGS="--base-url=$JPY_BASE_URL $NOTEBOOK_ARGS"
+fi
+if [ ! -z "$JPY_HUB_PREFIX" ]; then
+  NOTEBOOK_ARGS="--hub-prefix=$JPY_HUB_PREFIX $NOTEBOOK_ARGS"
+fi
+if [ ! -z "$JPY_HUB_API_URL" ]; then
+  NOTEBOOK_ARGS="--hub-api-url=$JPY_HUB_API_URL $NOTEBOOK_ARGS"
+fi
+if [ ! -z "$JUPYTER_ENABLE_LAB" ]; then
+  NOTEBOOK_BIN="jupyter labhub"
+else
+  NOTEBOOK_BIN=jupyterhub-singleuser
+fi
+
+. /usr/local/bin/start.sh $NOTEBOOK_BIN $NOTEBOOK_ARGS $@
diff --git a/jupyter-restricted-download/start.sh b/jupyter-restricted-download/start.sh
new file mode 100644
index 00000000..f3c3a67f
--- /dev/null
+++ b/jupyter-restricted-download/start.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# Copyright (c) Jupyter Development Team.
+# Distributed under the terms of the Modified BSD License.
+
+set -e
+
+# Handle special flags if we're root
+if [ $UID == 0 ] ; then
+    # Change UID of NB_USER to NB_UID if it does not match
+    if [ "$NB_UID" != $(id -u $NB_USER) ] ; then
+        usermod -u $NB_UID $NB_USER
+        chown -R $NB_UID $CONDA_DIR .
+    fi
+
+    # Enable sudo if requested
+    if [ ! -z "$GRANT_SUDO" ]; then
+        echo "$NB_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/notebook #pragma: allowlist secret
+    fi
+
+    # Exec the command as NB_USER
+    exec su $NB_USER -c "env PATH=$PATH $*"
+else
+    # Exec the command
+    exec $*
+fi
diff --git a/nextflow-base-images/nvcr_image/Dockerfile b/nextflow-base-images/nvcr_image/Dockerfile
new file mode 100644
index 00000000..28d14dad
--- /dev/null
+++ b/nextflow-base-images/nvcr_image/Dockerfile
@@ -0,0 +1,36 @@
+# Use the specified base image
+FROM nvcr.io/nvidia/cuda:11.8.0-base-ubuntu22.04
+
+RUN apt-get purge -y --auto-remove openssl && apt-get autoremove && apt-get autoclean
+
+RUN apt-get update && apt-get -y upgrade && apt install -y wget
+
+RUN apt install -y build-essential && \
+    apt-get install -y python3 && \
+    apt-get install -y python3-pip
+
+# install openssl 3.0.8 as it is required for FIPS compliance.
+WORKDIR /tmp
+RUN wget https://www.openssl.org/source/openssl-3.0.8.tar.gz && \
+    tar -xzvf openssl-3.0.8.tar.gz && \
+    rm openssl-3.0.8.tar.gz
+
+WORKDIR /tmp/openssl-3.0.8
+RUN ./Configure enable-fips && \
+    make && \
+    make install
+
+# Changing adding `/usr/local/lib` as a prefix to LD_LIBRARY_PATH will
+# give precedence to OpenSSL 3.0.8 library files over the 3.0.2
+ENV LD_LIBRARY_PATH=/usr/local/lib:/usr/local/lib64:$LD_LIBRARY_PATH
+
+# Make config changes ti ensure FIPS compliance
+RUN sed -i 's$# .include fipsmodule.cnf$.include /usr/local/ssl/fipsmodule.cnf$g' /usr/local/ssl/openssl.cnf
+RUN sed -i 's$providers = provider_sect$providers = provider_sect\nalg_section = algorithm_sect$g' /usr/local/ssl/openssl.cnf
+RUN sed -i 's$# fips = fips_sect$fips = fips_sect$g' /usr/local/ssl/openssl.cnf
+RUN sed -i -e 's$# activate = 1$activate = 1 \n\n[algorithm_sect]\ndefault_properties = fips=yes$g' /usr/local/ssl/openssl.cnf
+
+
+# Clean up the temporary directory
+WORKDIR /
+RUN rm -rf /tmp/openssl-3.0.8