diff --git a/.github/workflows/scans.yml b/.github/workflows/scans.yml
index aeda2ef7..07840d57 100644
--- a/.github/workflows/scans.yml
+++ b/.github/workflows/scans.yml
@@ -125,7 +125,7 @@ jobs:
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
 - id: grype
- uses: anchore/scan-action@8d2fce09422cd6037e577f4130e9b925e9a37175 # v7
+ uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7
 with:
 path: .
 fail-build: ${{ github.event_name == 'pull_request' }}
@@ -155,7 +155,7 @@ jobs:
 load: true
 - id: grype
- uses: anchore/scan-action@8d2fce09422cd6037e577f4130e9b925e9a37175 # v7
+ uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7
 with:
 image: ${{ env.IMAGE_ID }}
 fail-build: ${{ github.event_name == 'pull_request' }}
@@ -292,13 +292,13 @@ jobs:
 steps:
 - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
- - uses: anchore/sbom-action@deef08a0db64bfad603422135db61477b16cef56 # v0
+ - uses: anchore/sbom-action@28d71544de8eaf1b958d335707167c5f783590ad # v0
 with:
 output-file: "${{ github.event.repository.name }}-sbom.spdx.json"
 dependency-snapshot: true
 - id: grype
- uses: anchore/scan-action@8d2fce09422cd6037e577f4130e9b925e9a37175 # v7
+ uses: anchore/scan-action@7037fa011853d5a11690026fb85feee79f4c946c # v7
 with:
 sbom: "${{ github.event.repository.name }}-sbom.spdx.json"
 fail-build: ${{ github.event_name == 'pull_request' }}
@@ -390,7 +390,7 @@ jobs:
 with:
 fetch-depth: (${{ github.event.pull_request.commits || 2 }} + 1)
- - uses: trufflesecurity/trufflehog@116e7171542d2f1dad8810f00dcfacbe0b809183 # v3
+ - uses: trufflesecurity/trufflehog@7f4e37db2d928c18ddd7ddf0604f8f7d1f5793ec # v3
 with:
 extra_args: --results=verified,unknown