diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index ef4ac1f..b3e6269 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -3,21 +3,30 @@ name: Code Scanning
 
 on:
   push:
+    branches: [ "main" ]
+  pull_request:
+    types: [opened, synchronize, reopened, ready_for_review]
+    # The branches below must be a subset of the branches above
+    branches: [ "main" ]
   schedule:
-    - cron: "17 0 * * 0"
+    - cron: '32 13 * * 4'
 
 jobs:
   CodeQL-Build:
     runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
 
     steps:
       - name: Check out code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v1
+        uses: github/codeql-action/init@v2
         with:
           languages: go
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v1
+        uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
index 1d6da13..0ffcf69 100644
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -23,12 +23,12 @@ jobs:
     steps:
 
     - name: Set up Go ${{ matrix.node }}
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v4
       with:
         go-version: ${{ matrix.go }}
 
     - name: Check out code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
     - name: Download dependencies
       run: go mod download
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index 1abacd5..f17f9ca 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -20,12 +20,12 @@ jobs:
     steps:
 
     - name: Set up Go 1.x
-      uses: actions/setup-go@v2
+      uses: actions/setup-go@v4
       with:
         go-version: "1.21.x"
 
     - name: Check out code
-      uses: actions/checkout@v2
+      uses: actions/checkout@v4
 
     - name: Verify dependencies
       run: |