diff --git a/.github/workflows/run-trivy.yaml b/.github/workflows/run-trivy.yaml
index d8e7b1769..851cc2bd3 100644
--- a/.github/workflows/run-trivy.yaml
+++ b/.github/workflows/run-trivy.yaml
@@ -39,6 +39,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard.
       # https://github.com/github/codeql-action
       - name: Upload Trivy scan results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
+        uses: github/codeql-action/upload-sarif@df5a14dc28094dc936e103b37d749c6628682b60 # v3.25.0
         with:
           sarif_file: trivy-results.sarif
diff --git a/.github/workflows/scorecards.yaml b/.github/workflows/scorecards.yaml
index 7a7bf8d41..38d678287 100644
--- a/.github/workflows/scorecards.yaml
+++ b/.github/workflows/scorecards.yaml
@@ -81,6 +81,6 @@ jobs:
       # Upload the results to GitHub's code scanning dashboard.
       # https://github.com/github/codeql-action
       - name: Upload to code-scanning
-        uses: github/codeql-action/upload-sarif@4355270be187e1b672a7a1c7c7bae5afdc1ab94a # v3.24.10
+        uses: github/codeql-action/upload-sarif@df5a14dc28094dc936e103b37d749c6628682b60 # v3.25.0
         with:
           sarif_file: results.sarif