diff --git a/.github/workflows/security-pr.yml b/.github/workflows/security-pr.yml
index 23d770a9b..f4084c2ba 100644
--- a/.github/workflows/security-pr.yml
+++ b/.github/workflows/security-pr.yml
@@ -231,7 +231,7 @@ jobs:
       - name: Upload Trivy SARIF to GitHub Security
         if: steps.check-artifact.outputs.artifact_exists == 'true'
         # github/codeql-action v4
-        uses: github/codeql-action/upload-sarif@f985be5b50bd175586d44aac9ac52926adf12893
+        uses: github/codeql-action/upload-sarif@f52cbc83091da34ce9a8ae0e3db2f977e8d4ecb2
         with:
           sarif_file: 'trivy-binary-results.sarif'
           category: ${{ steps.pr-info.outputs.is_push == 'true' && format('security-scan-{0}', github.event.workflow_run.head_branch) || format('security-scan-pr-{0}', steps.pr-info.outputs.pr_number) }}
diff --git a/.github/workflows/supply-chain-pr.yml b/.github/workflows/supply-chain-pr.yml
index 3a041ee22..3d1f9b1ac 100644
--- a/.github/workflows/supply-chain-pr.yml
+++ b/.github/workflows/supply-chain-pr.yml
@@ -296,7 +296,7 @@ jobs:
       - name: Upload SARIF to GitHub Security
         if: steps.check-artifact.outputs.artifact_found == 'true'
         # github/codeql-action v4
-        uses: github/codeql-action/upload-sarif@f985be5b50bd175586d44aac9ac52926adf12893
+        uses: github/codeql-action/upload-sarif@f52cbc83091da34ce9a8ae0e3db2f977e8d4ecb2
         continue-on-error: true
         with:
           sarif_file: grype-results.sarif