diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
index 23d1841..09b917e 100644
--- a/.github/workflows/codeql-analysis.yaml
+++ b/.github/workflows/codeql-analysis.yaml
@@ -31,12 +31,12 @@ jobs:
           persist-credentials: false
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13  # v4.35.1
+        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225  # v4.35.2
         with:
           languages: go
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@c10b8064de6f491fea524254123dbe5e09572f13  # v4.35.1
+        uses: github/codeql-action/autobuild@95e58e9a2cdfd71adc6e0353d5c52f41a045d225  # v4.35.2
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13  # v4.35.1
+        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225  # v4.35.2
diff --git a/.github/workflows/release-on-tag.yaml b/.github/workflows/release-on-tag.yaml
index 551407d..9df57b9 100644
--- a/.github/workflows/release-on-tag.yaml
+++ b/.github/workflows/release-on-tag.yaml
@@ -40,7 +40,7 @@ jobs:
           install_goreleaser: 'false'
 
       - name: Build CLI
-        uses: goreleaser/goreleaser-action@ec59f474b9834571250b370d4735c50f8e2d1e29  # v7.0.0
+        uses: goreleaser/goreleaser-action@e24998b8b67b290c2fa8b7c14fcfa7de2c5c9b8c  # v7.1.0
         with:
           distribution: goreleaser
           version: '~> v2'
diff --git a/.github/workflows/scan-on-schedule.yaml b/.github/workflows/scan-on-schedule.yaml
index 8f6da60..6b2500d 100644
--- a/.github/workflows/scan-on-schedule.yaml
+++ b/.github/workflows/scan-on-schedule.yaml
@@ -43,7 +43,7 @@ jobs:
           persist-credentials: false
 
       - name: Scan Repo
-        uses: aquasecurity/trivy-action@57a97c7e7821a5776cebc9bb87c984fa69cba8f1  # v0.35.0
+        uses: aquasecurity/trivy-action@ed142fd0673e97e23eac54620cfb913e5ce36c25  # v0.36.0
         with:
           scan-type: 'fs'
           scan-ref: '.'
@@ -68,7 +68,7 @@ jobs:
 
       - name: Upload Report
         if: steps.check_sarif.outputs.exists == 'true'
-        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13  # v4.35.1
+        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225  # v4.35.2
         with:
           sarif_file: ${{ env.SARIF_OUTPUT }}
           category: 'Trivy Vulnerability Scan'
diff --git a/.github/workflows/score-on-schedule.yaml b/.github/workflows/score-on-schedule.yaml
index b93c861..64afb17 100644
--- a/.github/workflows/score-on-schedule.yaml
+++ b/.github/workflows/score-on-schedule.yaml
@@ -43,6 +43,6 @@ jobs:
           retention-days: 5
 
       - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13  # v4.35.1
+        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225  # v4.35.2
         with:
           sarif_file: results.sarif