diff --git a/.github/actions/install-tools/action.yaml b/.github/actions/install-tools/action.yaml
index 951c7c425..ded31b05f 100644
--- a/.github/actions/install-tools/action.yaml
+++ b/.github/actions/install-tools/action.yaml
@@ -7,9 +7,9 @@ description: "Install pipeline tools"
 runs:
 using: composite
 steps:
- - uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1
+ - uses: sigstore/cosign-installer@d58896d6a1865668819e1d91763c7751a165e159 # v3.9.2
- - uses: anchore/sbom-action/download-syft@cee1b8e05ae5b2593a75e197229729eabaa9f8ec # v0.20.2
+ - uses: anchore/sbom-action/download-syft@7b36ad622f042cab6f59a75c2ac24ccb256e9b45 # v0.20.4
 - run: "curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin"
 shell: bash
diff --git a/.github/actions/install-uds-cli/action.yaml b/.github/actions/install-uds-cli/action.yaml
index 3a3459471..37f7d4bf0 100644
--- a/.github/actions/install-uds-cli/action.yaml
+++ b/.github/actions/install-uds-cli/action.yaml
@@ -7,7 +7,7 @@ runs:
 using: composite
 steps:
 - name: Set up Homebrew
- uses: Homebrew/actions/setup-homebrew@a4f5468cdddb5fc17abe51bce07b087c90493cfc # master
+ uses: Homebrew/actions/setup-homebrew@6c79ae0677a9b0b8046a936b4ada8980885eafb8 # master
 - name: Install UDS CLI
 shell: bash
diff --git a/.github/workflows/dependency-check.yml b/.github/workflows/dependency-check.yml
index ef18ac6c9..13f6ccc68 100644
--- a/.github/workflows/dependency-check.yml
+++ b/.github/workflows/dependency-check.yml
@@ -23,7 +23,7 @@ jobs:
 - name: Checkout
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: anchore/scan-action@16910ac423301c6d30554b83a7f71ac6ff4a51f3 # v6
+ - uses: anchore/scan-action@df395807f4554463d4455b8047cf58e37b6acaae # v6
 id: scan
 with:
 path: "."
diff --git a/.github/workflows/parallel-tests.yaml b/.github/workflows/parallel-tests.yaml
index 2ce17e4e6..a9ebeae45 100644
--- a/.github/workflows/parallel-tests.yaml
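Review bot: The `run:` step kept as context in the `.github/actions/install-tools/action.yaml` hunk still pipes `install.sh` from the `main` branch of anchore/grype straight into `sh`, so grype is the one tool in this composite action that is not pinned to an immutable ref while cosign and syft are pinned by commit SHA. Any upstream change to that script, or to the release it selects by default, would run in the pipeline without review. Consider fetching the script from a fixed tag or commit and passing an explicit version, e.g. `curl -sSfL https://raw.githubusercontent.com/anchore/grype/<PINNED_REF>/install.sh | sh -s -- -b /usr/local/bin <GRYPE_VERSION>`, and ideally checking the script's checksum before it is executed.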
+++ b/.github/workflows/parallel-tests.yaml
@@ -164,7 +164,7 @@ jobs:
 with:
 fetch-depth: 0
- - uses: actions/setup-node@08f58d1471bff7f3a07d167b4ad7df25d5fcfcb6
+ - uses: actions/setup-node@7e24a656e1c7a0d6f3eaef8d8e84ae379a5b035b
 with:
 node-version: 20
diff --git a/.github/workflows/scan-codeql.yaml b/.github/workflows/scan-codeql.yaml
index af926eda8..5c206e256 100644
--- a/.github/workflows/scan-codeql.yaml
+++ b/.github/workflows/scan-codeql.yaml
@@ -51,7 +51,7 @@ jobs:
 run: uds run build-cli-linux-amd
 - name: Initialize CodeQL
- uses: github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
+ uses: github/codeql-action/init@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3
 env:
 CODEQL_EXTRACTOR_GO_BUILD_TRACING: on
 with:
@@ -60,6 +60,6 @@ jobs:
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
+ uses: github/codeql-action/analyze@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3
 with:
 category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index 4c8927748..578f57d4a 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -47,6 +47,6 @@ jobs:
 # Upload the results to GitHub's code scanning dashboard.
 - name: "Upload to code-scanning"
- uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2
+ uses: github/codeql-action/upload-sarif@d6bbdef45e766d081b84a2def353b0055f728d3e # v3.29.3
 with:
 sarif_file: results.sarif
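Review bot: The new `actions/setup-node` pin in `.github/workflows/parallel-tests.yaml` carries no version comment, unlike the other SHA pins in this commit, so the diff gives a reviewer no way to tell which release the hash corresponds to or whether it is a tagged release at all. After confirming the SHA against the upstream tag, record it on the line, e.g. `- uses: actions/setup-node@7e24a656e1c7a0d6f3eaef8d8e84ae379a5b035b # <TAG_THIS_SHA_RESOLVES_TO>`. The `# master` comment on the Homebrew pin and `# v6` on `anchore/scan-action` in the earlier hunks have a weaker form of the same problem, since they name a moving ref rather than an exact release.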