diff --git a/.github/workflows/auto-update-contributors.yml b/.github/workflows/auto-update-contributors.yml
index 95ba1021..fdfdbbb2 100644
--- a/.github/workflows/auto-update-contributors.yml
+++ b/.github/workflows/auto-update-contributors.yml
@@ -18,7 +18,7 @@ jobs:
     timeout-minutes: 5
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v2
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 
       - name: Check for existing open contributors pull request
         id: check_pr
diff --git a/.github/workflows/cache-trunk.yml b/.github/workflows/cache-trunk.yml
index 32d189b0..1977aa63 100644
--- a/.github/workflows/cache-trunk.yml
+++ b/.github/workflows/cache-trunk.yml
@@ -20,7 +20,7 @@ jobs:
 
     steps:
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: Trunk Check
         uses: trunk-io/trunk-action@86b68ffae610a05105e90b1f52ad8c549ef482c2 # v1
         with:
diff --git a/.github/workflows/lint-post-annotations.yml b/.github/workflows/lint-post-annotations.yml
index f9cffdc6..7e41da8e 100644
--- a/.github/workflows/lint-post-annotations.yml
+++ b/.github/workflows/lint-post-annotations.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 
       - name: Trunk Check
         uses: trunk-io/trunk-action@86b68ffae610a05105e90b1f52ad8c549ef482c2 # v1.1.16
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 5f1f9bd2..26173146 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 15
     steps:
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 
       # https://github.com/magnetikonline/action-golang-cache
       - name: Setup Golang with cache
diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index 9d04cc8b..30b5b00a 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -21,7 +21,7 @@ jobs:
   scan:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: set-aqua-policy-if-file-exists
         run: |
           if [ -f aqua-policy.yaml ]; then
@@ -72,7 +72,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index ad3bdd77..4a64bf56 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -33,7 +33,7 @@ jobs:
     runs-on: ubuntu-latest
     timeout-minutes: 5
     steps:
-      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
       - name: set-aqua-policy-if-file-exists
         run: |
           if [ -f aqua-policy.yaml ]; then