diff --git a/.github/workflows/kics.yml b/.github/workflows/kics.yml
index c7fd274b9..1de7ee6c4 100644
--- a/.github/workflows/kics.yml
+++ b/.github/workflows/kics.yml
@@ -69,6 +69,6 @@ jobs:
       # Upload findings to GitHub Advanced Security Dashboard
       - name: Upload SARIF file for GitHub Advanced Security Dashboard
         if: always()
-        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
+        uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
         with:
           sarif_file: kicsResults/results.sarif
diff --git a/.github/workflows/localdev-chart-test.yaml b/.github/workflows/localdev-chart-test.yaml
index 6dffc3ee6..d1487d919 100644
--- a/.github/workflows/localdev-chart-test.yaml
+++ b/.github/workflows/localdev-chart-test.yaml
@@ -62,7 +62,7 @@ jobs:
           version: v3.10.3
 
       # Setup python as a prerequisite for chart linting 
-      - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+      - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
         with:
           python-version: '3.9'
           check-latest: true
diff --git a/.github/workflows/portal-chart-test.yaml b/.github/workflows/portal-chart-test.yaml
index dbd6ff18f..e0c90ca42 100644
--- a/.github/workflows/portal-chart-test.yaml
+++ b/.github/workflows/portal-chart-test.yaml
@@ -67,7 +67,7 @@ jobs:
           version: v3.10.3
 
       # Setup python as a prerequisite for chart linting 
-      - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
+      - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
         with:
           python-version: '3.9'
           check-latest: true
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index aaa4cd516..e8c700114 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -50,7 +50,7 @@ jobs:
         uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
 
       - name: Run Trivy vulnerability scanner in repo mode
-        uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # v0.23.0
+        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
         with:
           scan-type: "config"
           hide-progress: false
@@ -59,7 +59,7 @@ jobs:
           vuln-type: "os,library"
 
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
+        uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13
         if: always()
         with:
           sarif_file: "trivy-results1.sarif"