diff --git a/.github/workflows/build-os-image.yml b/.github/workflows/build-os-image.yml
index db9777150a..71a3f530ae 100644
--- a/.github/workflows/build-os-image.yml
+++ b/.github/workflows/build-os-image.yml
@@ -637,7 +637,7 @@ jobs:
 echo "::endgroup::"
 - name: Create SBOM in SPDX fromat
- uses: anchore/sbom-action@54e36e45f34bc64728f51adb8044404daca492a6 # v0.13.2
+ uses: anchore/sbom-action@07978da4bdb4faa726e52dfc6b1bed63d4b56479 # v0.13.3
 with:
 path: image.root.tree
 artifact-name: sbom.spdx.json
@@ -645,7 +645,7 @@ jobs:
 format: spdx-json
 - name: Create SBOM in CycloneDX fromat
- uses: anchore/sbom-action@54e36e45f34bc64728f51adb8044404daca492a6 # v0.13.2
+ uses: anchore/sbom-action@07978da4bdb4faa726e52dfc6b1bed63d4b56479 # v0.13.3
 with:
 path: image.root.tree
 artifact-name: sbom.cyclonedx.json
@@ -653,7 +653,7 @@ jobs:
 format: cyclonedx-json
 - name: Create SBOM in Syft fromat
- uses: anchore/sbom-action@54e36e45f34bc64728f51adb8044404daca492a6 # v0.13.2
+ uses: anchore/sbom-action@07978da4bdb4faa726e52dfc6b1bed63d4b56479 # v0.13.3
 with:
 path: image.root.tree
 artifact-name: sbom.syft.json
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index be92b33dd5..e1dfb2a0b1 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -38,7 +38,7 @@ jobs:
 go-version: "1.19.5"
 - name: Initialize CodeQL
- uses: github/codeql-action/init@a34ca99b4610d924e04c68db79e503e1f79f9f02 # v2.1.39
+ uses: github/codeql-action/init@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.2.1
 with:
 languages: ${{ matrix.language }}
@@ -57,9 +57,9 @@ jobs:
 echo "::endgroup::"
 - name: Autobuild
- uses: github/codeql-action/autobuild@a34ca99b4610d924e04c68db79e503e1f79f9f02 # v2.1.39
+ uses: github/codeql-action/autobuild@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.2.1
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@a34ca99b4610d924e04c68db79e503e1f79f9f02 # v2.1.39
+ uses: github/codeql-action/analyze@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.2.1
 with:
 category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 3d86fa474d..bb4fa96cbd 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -39,6 +39,6 @@ jobs:
 retention-days: 5
 - name: Upload to code-scanning
- uses: github/codeql-action/upload-sarif@a34ca99b4610d924e04c68db79e503e1f79f9f02 # v2.1.39
+ uses: github/codeql-action/upload-sarif@3ebbd71c74ef574dbc558c82f70e52732c8b44fe # v2.2.1
 with:
 sarif_file: results.sarif