diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 18e8bc2..d2c47ed 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -54,7 +54,7 @@ jobs:
           list-all-pkgs: true
 
       - name: Upload Trivy results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         if: always()
         with:
           sarif_file: trivy-results-${{ matrix.QUARTO_VERSION }}.sarif