diff --git a/.github/workflows/code-scanning.yml b/.github/workflows/code-scanning.yml
index 9bbd7a7..16b469d 100644
--- a/.github/workflows/code-scanning.yml
+++ b/.github/workflows/code-scanning.yml
@@ -34,7 +34,7 @@ jobs:
           no-fail: true
 
       - name: Upload Hadolint scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a
+        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276
         with:
           sarif_file: hadolint-results.sarif
           wait-for-processing: true
@@ -64,7 +64,7 @@ jobs:
           severity: "CRITICAL,HIGH"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a
+        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276
         with:
           sarif_file: "trivy-results.sarif"
           wait-for-processing: true
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 8cec239..27ed1e0 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -60,7 +60,7 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@cdcdbb579706841c47f7063dda365e292e5cad7a # tag=v1.0.26
+        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # tag=v1.0.26
         with:
           sarif_file: results.sarif