diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml
index df70c08..1d3c6ac 100644
--- a/.github/workflows/code-scanning.yml
+++ b/.github/workflows/code-scanning.yml
@@ -34,7 +34,7 @@ jobs:
           no-fail: true
 
       - name: Upload Hadolint scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276
+        uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f
         with:
           sarif_file: hadolint-results.sarif
           wait-for-processing: true
@@ -64,7 +64,7 @@ jobs:
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276
+        uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f
         with:
           sarif_file: "trivy-results.sarif"
           wait-for-processing: true
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 27ed1e0..de9f11d 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -60,7 +60,7 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # tag=v1.0.26
+        uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # tag=v1.0.26
         with:
           sarif_file: results.sarif