diff --git a/.prettierignore b/.prettierignore
index b5502c0802..e11b132198 100644
--- a/.prettierignore
+++ b/.prettierignore
@@ -85,3 +85,6 @@ core
 backend/backend-production.*
 
 **/temp/**
+
+# monaco editor
+**/vs/loader.js 
diff --git a/backend/npx.js b/backend/npx.js
index e1a30cc38b..2e04c8da32 100644
--- a/backend/npx.js
+++ b/backend/npx.js
@@ -66,6 +66,9 @@ app.get('/core-ui/*', (_, res) =>
 
 app.use('/backend', handleRequest);
 
+// serve Monaco editor static files
+app.use('/vs', express.static(path.join(__dirname, 'vs')));
+
 app.use('/', express.static(path.join(__dirname, 'core')));
 app.get('/*', (_, res) =>
   res.sendFile(path.join(__dirname + '/core/index.html')),
diff --git a/backend/vs b/backend/vs
new file mode 120000
index 0000000000..bc35daff37
--- /dev/null
+++ b/backend/vs
@@ -0,0 +1 @@
+../node_modules/monaco-editor/min/vs
diff --git a/core-ui/nginx.conf b/core-ui/nginx.conf
index 8fffa19a38..055ff3fabb 100644
--- a/core-ui/nginx.conf
+++ b/core-ui/nginx.conf
@@ -55,7 +55,6 @@ http {
     location / {
         access_log /dev/stdout combined if=$nonSuccessful;
         #limit_req zone=mylimit burst=30; # we might consider using this feature; for now it destroys the performance completely
-        set $monacoEditorCdn https://cdn.jsdelivr.net; 
         try_files $uri$args $uri$args/ $uri $uri/ /;
 
         add_header 'Cache-Control' 'public, max-age=300';
@@ -64,7 +63,7 @@ http {
         add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
         add_header X-XSS-Protection '1; mode=block';
         add_header X-Frame-Options 'SAMEORIGIN';
-        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'sha256-7fF0zlMDaJyxa8K3gkd0Gnt657Obx/gdAct0hR/pdds=' $monacoEditorCdn data: blob:; style-src 'self' 'unsafe-inline' $monacoEditorCdn; connect-src 'self' * https://* wss://*; font-src 'self' $monacoEditorCdn data:; frame-ancestors https://*; object-src 'none'; media-src 'self'; form-action 'self'; img-src * data:; child-src * blob:;  worker-src 'self' blob: data:;";
+        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'sha256-7fF0zlMDaJyxa8K3gkd0Gnt657Obx/gdAct0hR/pdds=' 'sha256-bjOtDHhqB+wVlyFDAxz9e0RvTn+EEec/Z4mpjUjNvAs=' data: blob:; style-src 'self' 'unsafe-inline'; connect-src 'self' * https://* wss://*; font-src 'self' data:; frame-ancestors https://*; object-src 'none'; media-src 'self'; form-action 'self'; img-src * data:; child-src * blob:;  worker-src 'self' blob: data:;";
     
     }
 
diff --git a/core-ui/public/vs b/core-ui/public/vs
new file mode 120000
index 0000000000..5e0c30025c
--- /dev/null
+++ b/core-ui/public/vs
@@ -0,0 +1 @@
+../../node_modules/monaco-editor/min/vs
\ No newline at end of file
diff --git a/core/.gitignore b/core/.gitignore
index 78b64cb7ed..74223ff451 100644
--- a/core/.gitignore
+++ b/core/.gitignore
@@ -41,4 +41,4 @@ testem.log
 Thumbs.db
 pkup.sh
 
-src/assets/luigi-core
+src/assets/libs
diff --git a/core/.prettierignore b/core/.prettierignore
index c4db424645..2cd4402fcf 100644
--- a/core/.prettierignore
+++ b/core/.prettierignore
@@ -1,2 +1,2 @@
-src/assets/luigi-core
+src/assets/libs
 src/assets/luigiConfig.bundle.js
diff --git a/core/Dockerfile b/core/Dockerfile
index f7bdee780f..a156a99324 100644
--- a/core/Dockerfile
+++ b/core/Dockerfile
@@ -22,7 +22,7 @@ ARG app_name=core
 
 COPY ./${app_name}/nginx/nginx.conf /etc/nginx/nginx.conf
 COPY --from=builder /app/${app_name}/src /usr/share/nginx/html/
-COPY --from=builder /app/${app_name}/src/assets/luigi-core /usr/share/nginx/html/assets/luigi-core
+COPY --from=builder /app/${app_name}/src/assets/libs /usr/share/nginx/html/assets/libs
 COPY --from=builder /app/${app_name}/licenses/ /app/licenses/
 COPY --from=builder /app/${app_name}/nginx/conf.d /etc/nginx/conf.d/
 COPY --from=builder /app/${app_name}/nginx/nginx.conf /etc/nginx/
diff --git a/core/nginx/nginx.conf b/core/nginx/nginx.conf
index 5d515225e0..12de0dab6c 100644
--- a/core/nginx/nginx.conf
+++ b/core/nginx/nginx.conf
@@ -61,7 +61,7 @@ http {
 
             add_header 'Cache-Control' 'public, max-age=300';
             add_header X-Frame-Options 'SAMEORIGIN';
-            add_header Content-Security-Policy "default-src 'self'; script-src https://cdnjs.cloudflare.com/ajax/libs/js-yaml/4.0.0/js-yaml.js 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://* wss://*; font-src 'self' data:; frame-ancestors 'self'; object-src 'none'; media-src 'self'; form-action 'self'; img-src * data:; child-src * blob:; worker-src 'self' blob:;";
+            add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' https://* wss://*; font-src 'self' data:; frame-ancestors 'self'; object-src 'none'; media-src 'self'; form-action 'self'; img-src * data:; child-src * blob:; worker-src 'self' blob:;";
             add_header X-Content-Type-Options 'nosniff';
             add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
             add_header X-XSS-Protection '1; mode=block';
diff --git a/core/src/index.html b/core/src/index.html
index de702e4027..564147e2e7 100644
--- a/core/src/index.html
+++ b/core/src/index.html
@@ -11,7 +11,7 @@
     <link
       charset="utf-8"
       rel="stylesheet"
-      href="/assets/luigi-core/luigi.css"
+      href="/assets/libs/luigi-core/luigi.css"
     />
     <style type="text/css" rel="stylesheet">
       #app .fd-shellbar__title {
@@ -28,7 +28,7 @@
   </head>
 
   <body>
-    <script charset="utf-8" src="/assets/luigi-core/luigi.js"></script>
+    <script charset="utf-8" src="/assets/libs/luigi-core/luigi.js"></script>
     <script charset="utf-8" src="/assets/config/config.js"></script>
     <script charset="utf-8" src="/assets/luigiConfig.bundle.js"></script>
     <div luigi-app-loading-indicator>
diff --git a/core/src/login.html b/core/src/login.html
index a29d272051..789327b863 100644
--- a/core/src/login.html
+++ b/core/src/login.html
@@ -9,7 +9,7 @@
     <meta name="description" content="" />
     <meta name="keywords" content="logout" />
 
-    <link rel="stylesheet" href="/assets/luigi-core/luigi.css" />
+    <link rel="stylesheet" href="/assets/libs/luigi-core/luigi.css" />
     <style type="text/css">
       .fd-page {
         height: 100vh;
@@ -123,12 +123,7 @@
         color: #0854a0;
       }
     </style>
-    <script
-      src="https://cdnjs.cloudflare.com/ajax/libs/js-yaml/4.0.0/js-yaml.js"
-      integrity="sha512-LcHBP6wEG9wiB9l6Ok0oHj/OiepnKTPKSIlIy9I21LPhfNFAQzEJVeEJ2sXYFK8p4V/UR+1/pTHo4Cw1yPK7NA=="
-      crossorigin="anonymous"
-      defer
-    ></script>
+    <script src="/assets/libs/js-yaml/js-yaml.min.js"></script>
   </head>
 
   <body>
diff --git a/core/src/logout.html b/core/src/logout.html
index 25a2c5650d..4d172dc69f 100644
--- a/core/src/logout.html
+++ b/core/src/logout.html
@@ -9,7 +9,7 @@
     <meta name="description" content="" />
     <meta name="keywords" content="logout" />
 
-    <link rel="stylesheet" href="/assets/luigi-core/luigi.css" />
+    <link rel="stylesheet" href="/assets/libs/luigi-core/luigi.css" />
 
     <style type="text/css">
       .fd-page {
diff --git a/core/src/nopermissions.html b/core/src/nopermissions.html
index 2c9e77f082..0c67e79e04 100644
--- a/core/src/nopermissions.html
+++ b/core/src/nopermissions.html
@@ -7,7 +7,7 @@
 
     <title>Not enough permissions</title>
 
-    <link rel="stylesheet" href="/assets/luigi-core/luigi.css" />
+    <link rel="stylesheet" href="/assets/libs/luigi-core/luigi.css" />
 
     <style type="text/css">
       .fd-page {
diff --git a/core/webpack.config.js b/core/webpack.config.js
index 7037749f6b..edf6e7d89e 100644
--- a/core/webpack.config.js
+++ b/core/webpack.config.js
@@ -22,7 +22,11 @@ module.exports = {
   },
   plugins: [
     new CopyWebpackPlugin([
-      { from: './node_modules/@luigi-project/core', to: 'luigi-core' },
+      { from: './node_modules/@luigi-project/core', to: 'libs/luigi-core' },
+      {
+        from: '../node_modules/js-yaml/dist/js-yaml.min.js',
+        to: 'libs/js-yaml',
+      },
     ]),
   ],
 };
diff --git a/package-lock.json b/package-lock.json
index b3559b93c2..7730ddbc67 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -23956,6 +23956,11 @@
       "resolved": "https://registry.npmjs.org/moment/-/moment-2.29.1.tgz",
       "integrity": "sha512-kHmoybcPV8Sqy59DwNDY3Jefr64lK/by/da0ViFcuA4DH0vQg5Q6Ze5VimxkfQNSC+Mls/Kx53s7TjP1RhFEDQ=="
     },
+    "monaco-editor": {
+      "version": "0.23.0",
+      "resolved": "https://registry.npmjs.org/monaco-editor/-/monaco-editor-0.23.0.tgz",
+      "integrity": "sha512-q+CP5zMR/aFiMTE9QlIavGyGicKnG2v/H8qVvybLzeFsARM8f6G9fL0sMST2tyVYCwDKkGamZUI6647A0jR/Lg=="
+    },
     "moo": {
       "version": "0.5.1",
       "resolved": "https://registry.npmjs.org/moo/-/moo-0.5.1.tgz",
diff --git a/package.json b/package.json
index aa41853546..fafd634861 100644
--- a/package.json
+++ b/package.json
@@ -63,6 +63,7 @@
     "lodash.clonedeep": "^4.5.0",
     "merge": "2.1.0",
     "moment": "^2.24.0",
+    "monaco-editor": "^0.23.0",
     "node-fetch": "^2.6.1",
     "prop-types": "^15.7.2",
     "property-expr": "^2.0.4",
diff --git a/resources/web/deployment-service-catalog.yaml b/resources/web/deployment-service-catalog.yaml
index f29a06d287..a523c8d637 100644
--- a/resources/web/deployment-service-catalog.yaml
+++ b/resources/web/deployment-service-catalog.yaml
@@ -16,7 +16,7 @@ spec:
     spec:
       containers:
         - name: service-catalog
-          image: eu.gcr.io/kyma-project/busola-service-catalog-ui:PR-104
+          image: eu.gcr.io/kyma-project/busola-service-catalog-ui:PR-101
           imagePullPolicy: IfNotPresent
           resources: {}
           ports:
diff --git a/resources/web/deployment.yaml b/resources/web/deployment.yaml
index b41117cd69..0e5229a8b1 100644
--- a/resources/web/deployment.yaml
+++ b/resources/web/deployment.yaml
@@ -16,7 +16,7 @@ spec:
     spec:
       containers:
         - name: busola
-          image: eu.gcr.io/kyma-project/busola-core:PR-104
+          image: eu.gcr.io/kyma-project/busola-core:PR-101
           imagePullPolicy: Always
           resources:
             # limits:
@@ -34,7 +34,7 @@ spec:
             - containerPort: 6080
             - containerPort: 8080
         - name: core-ui
-          image: eu.gcr.io/kyma-project/busola-core-ui:PR-106
+          image: eu.gcr.io/kyma-project/busola-core-ui:PR-101
           imagePullPolicy: Always
           resources:
             # limits:
diff --git a/service-catalog-ui/nginx.conf b/service-catalog-ui/nginx.conf
index 97cf628548..bf8a6b5033 100644
--- a/service-catalog-ui/nginx.conf
+++ b/service-catalog-ui/nginx.conf
@@ -58,7 +58,7 @@ http {
         add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains';
         add_header X-XSS-Protection '1; mode=block';
         add_header X-Frame-Options 'SAMEORIGIN';
-        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval' data: blob:; style-src 'self' 'unsafe-inline'; connect-src 'self' * https://* wss://*; font-src 'self' data:; frame-ancestors https://*; object-src 'none'; media-src 'self'; form-action 'self'; img-src * data:; child-src * blob:; worker-src 'self' blob: data:;";
+        add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-eval' 'sha256-bjOtDHhqB+wVlyFDAxz9e0RvTn+EEec/Z4mpjUjNvAs=' data: blob:; style-src 'self' 'unsafe-inline'; connect-src 'self' * https://* wss://*; font-src 'self' data:; frame-ancestors https://*; object-src 'none'; media-src 'self'; form-action 'self'; img-src * data:; child-src * blob:; worker-src 'self' blob: data:;";
         # allow unsafe-eval scripts because of "ajv" module - https://github.com/ajv-validator/ajv/issues/406    
     }
 
diff --git a/service-catalog-ui/public/vs b/service-catalog-ui/public/vs
new file mode 120000
index 0000000000..5e0c30025c
--- /dev/null
+++ b/service-catalog-ui/public/vs
@@ -0,0 +1 @@
+../../node_modules/monaco-editor/min/vs
\ No newline at end of file
diff --git a/service-catalog-ui/vs b/service-catalog-ui/vs
new file mode 120000
index 0000000000..edec3e9e26
--- /dev/null
+++ b/service-catalog-ui/vs
@@ -0,0 +1 @@
+../../shared/node_modules/monaco-editor/min/vs
\ No newline at end of file
diff --git a/shared/index.js b/shared/index.js
index 33a96918d9..6b129522ab 100644
--- a/shared/index.js
+++ b/shared/index.js
@@ -53,3 +53,8 @@ export * from './components/ModalWithForm/ModalWithForm';
 
 import * as CustomPropTypes from './typechecking/CustomPropTypes';
 export { CustomPropTypes };
+
+import { monaco } from '@monaco-editor/react';
+
+// monaco editor - load from static files instead of from CDN
+monaco.config({ paths: { vs: '/vs' } });
diff --git a/shared/package.json b/shared/package.json
index 563a4a56ff..bb87e5eef7 100644
--- a/shared/package.json
+++ b/shared/package.json
@@ -7,7 +7,7 @@
     "test:watch": "jest --watch",
     "build": "webpack --env.production",
     "start:kyma": "webpack --env.development --watch",
-    "build:npx": "echo no-op, done during bootstrap"
+    "build:npx": "ln -sf ../node_modules/monaco-editor/min/vs ../backend/vs"
   },
   "author": "hasselhoff-team@kyma",
   "devDependencies": {