diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml
index 3d3133a..1b3e4ef 100644
--- a/.github/workflows/coverage.yml
+++ b/.github/workflows/coverage.yml
@@ -37,7 +37,7 @@ jobs:
         with:
           args: '-no-fail -fmt sarif -out gosec.sarif ./...'
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@59ce4c1340a74f56c129f758767ef33668e572b0
+        uses: github/codeql-action/upload-sarif@fb650c22f965a3eff7e20c5535e51a256dd16bf1
         with:
           sarif_file: gosec.sarif
   unit_tests:
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index bb560b0..4b9aa2f 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -44,6 +44,6 @@ jobs:
           # See: https://github.com/aquasecurity/trivy-action/issues/389#issuecomment-2385416577
           TRIVY_DB_REPOSITORY: 'public.ecr.aws/aquasecurity/trivy-db:2'
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@59ce4c1340a74f56c129f758767ef33668e572b0
+        uses: github/codeql-action/upload-sarif@fb650c22f965a3eff7e20c5535e51a256dd16bf1
         with:
           sarif_file: 'trivy-results.sarif'
diff --git a/.github/workflows/gosec.yaml b/.github/workflows/gosec.yaml
index 095ac95..1b6c8a3 100644
--- a/.github/workflows/gosec.yaml
+++ b/.github/workflows/gosec.yaml
@@ -29,6 +29,6 @@ jobs:
         with:
           args: '-no-fail -fmt sarif -out gosec.sarif ./...'
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@59ce4c1340a74f56c129f758767ef33668e572b0
+        uses: github/codeql-action/upload-sarif@fb650c22f965a3eff7e20c5535e51a256dd16bf1
         with:
           sarif_file: gosec.sarif