diff --git a/.github/workflows/docker-image-to-aws-ecr.yaml b/.github/workflows/docker-image-to-aws-ecr.yaml
index 8fde372..6f8bc5c 100644
--- a/.github/workflows/docker-image-to-aws-ecr.yaml
+++ b/.github/workflows/docker-image-to-aws-ecr.yaml
@@ -54,7 +54,7 @@ jobs:
         run: echo ${{ inputs.IMAGE_TAG }}
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6
+        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6
         with:
           role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github-actions-container-registry
           aws-region: ${{ secrets.AWS_REGION }}
diff --git a/.github/workflows/ecr-publish.yaml b/.github/workflows/ecr-publish.yaml
index 444e583..68455c5 100644
--- a/.github/workflows/ecr-publish.yaml
+++ b/.github/workflows/ecr-publish.yaml
@@ -59,7 +59,7 @@ jobs:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 
       - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6
+        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6
         with:
           role-to-assume: ${{ inputs.AWS_ROLE_ARN }}
           aws-region: us-east-1 # This is the region for the public ECR
diff --git a/.github/workflows/go-build.yaml b/.github/workflows/go-build.yaml
index de233e6..5edd03d 100644
--- a/.github/workflows/go-build.yaml
+++ b/.github/workflows/go-build.yaml
@@ -61,7 +61,7 @@ jobs:
         run: |
           cat test.out | go-ctrf-json-reporter -output ctrf-report.json
           npx github-actions-ctrf ctrf-report.json
-      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
+      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
         with:
           name: cover.out
           path: cover.out
diff --git a/.github/workflows/s3-publish.yaml b/.github/workflows/s3-publish.yaml
index 6a88753..8397e11 100644
--- a/.github/workflows/s3-publish.yaml
+++ b/.github/workflows/s3-publish.yaml
@@ -33,7 +33,7 @@ jobs:
         with:
           name: ${{ inputs.APP_ARTIFACT }}
       - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6
+        uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6
         with:
           role-to-assume: ${{ inputs.AWS_ROLE_ARN }}
           aws-region: ${{ inputs.AWS_REGION }}
diff --git a/.github/workflows/security.yaml b/.github/workflows/security.yaml
index a57a07c..74aa926 100644
--- a/.github/workflows/security.yaml
+++ b/.github/workflows/security.yaml
@@ -54,7 +54,7 @@ jobs:
     runs-on: ubuntu-latest
     if: ${{ inputs.ENABLE_BANDIT || inputs.ENABLE_SAST }}
     container:
-      image: semgrep/semgrep@sha256:a3d49dc967b8534a6a76628e50c51cbfe33eb7195dc2feab1fdc0f100852c8ef
+      image: semgrep/semgrep@sha256:17d89ddd91a7729bbd5de09402f7f79a70204289e2a94635086e9db532a495f2
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
       - run: semgrep scan --config auto
\ No newline at end of file