diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 8d81190b..1c7bbb73 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -38,16 +38,16 @@ jobs:
           persist-credentials: false
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
+        uses: github/codeql-action/init@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
         with:
           languages: ${{ matrix.language }}
           queries: security-extended,security-and-quality
 
       - name: Autobuild
-        uses: github/codeql-action/autobuild@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
+        uses: github/codeql-action/autobuild@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
+        uses: github/codeql-action/analyze@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
         with:
           category: "/language:${{ matrix.language }}"
 
diff --git a/.github/workflows/dast-zap-scan.yml b/.github/workflows/dast-zap-scan.yml
index 91ed3c75..d796844e 100644
--- a/.github/workflows/dast-zap-scan.yml
+++ b/.github/workflows/dast-zap-scan.yml
@@ -64,7 +64,7 @@ jobs:
 
       - name: Upload SARIF to Security tab
         if: always()
-        uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
+        uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
         continue-on-error: true
         with:
           sarif_file: results/zap-results.sarif
diff --git a/.github/workflows/dataviewer-backend-pytests.yml b/.github/workflows/dataviewer-backend-pytests.yml
index aa55aaf9..64c6d7e7 100644
--- a/.github/workflows/dataviewer-backend-pytests.yml
+++ b/.github/workflows/dataviewer-backend-pytests.yml
@@ -55,7 +55,7 @@ jobs:
 
       - name: Upload coverage to Codecov
         if: ${{ inputs.code-coverage && always() }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3
         with:
           files: coverage.xml
           use_oidc: true
diff --git a/.github/workflows/dataviewer-frontend-tests.yml b/.github/workflows/dataviewer-frontend-tests.yml
index 5ac08972..c31d8fc4 100644
--- a/.github/workflows/dataviewer-frontend-tests.yml
+++ b/.github/workflows/dataviewer-frontend-tests.yml
@@ -68,7 +68,7 @@ jobs:
 
       - name: Upload coverage to Codecov
         if: ${{ inputs.code-coverage && always() }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3
         with:
           files: coverage/cobertura-coverage.xml
           use_oidc: true
diff --git a/.github/workflows/dependency-pinning-scan.yml b/.github/workflows/dependency-pinning-scan.yml
index 94759530..83665a4e 100644
--- a/.github/workflows/dependency-pinning-scan.yml
+++ b/.github/workflows/dependency-pinning-scan.yml
@@ -158,7 +158,7 @@ jobs:
 
       - name: Upload SARIF to Security tab
         if: inputs.upload-sarif && always()
-        uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
+        uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
         with:
           sarif_file: logs/dependency-pinning-results.sarif
           category: dependency-pinning
diff --git a/.github/workflows/gitleaks-scan.yml b/.github/workflows/gitleaks-scan.yml
index 53e5fc32..9640560d 100644
--- a/.github/workflows/gitleaks-scan.yml
+++ b/.github/workflows/gitleaks-scan.yml
@@ -94,7 +94,7 @@ jobs:
 
       - name: Upload SARIF to Security tab
         if: always()
-        uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
+        uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
         with:
           sarif_file: logs/gitleaks-results.sarif
           category: gitleaks
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 44d244db..94ac798d 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -364,7 +364,7 @@ jobs:
         shell: bash
 
       - name: Generate SBOM
-        uses: anchore/sbom-action@57aae528053a48a3f6235f2d9461b05fbcb7366d  # v0.23.1
+        uses: anchore/sbom-action@e22c389904149dbc22b58101806040fa8d37a610  # v0.24.0
         with:
           path: .
           format: spdx-json
diff --git a/.github/workflows/pester-tests.yml b/.github/workflows/pester-tests.yml
index 4b92a844..da8f64a2 100644
--- a/.github/workflows/pester-tests.yml
+++ b/.github/workflows/pester-tests.yml
@@ -190,7 +190,7 @@ jobs:
 
       - name: Upload to Codecov
         if: matrix.os == 'ubuntu-latest' && inputs.code-coverage && always() && steps.pester.outcome != 'skipped'
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3
         with:
           use_oidc: true
           files: logs/coverage.xml
diff --git a/.github/workflows/pytest-tests.yml b/.github/workflows/pytest-tests.yml
index 5691660e..4c48853e 100644
--- a/.github/workflows/pytest-tests.yml
+++ b/.github/workflows/pytest-tests.yml
@@ -49,7 +49,7 @@ jobs:
 
       - name: Upload coverage to Codecov
         if: ${{ inputs.code-coverage && always() }}
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3
         with:
           files: coverage.xml
           use_oidc: true
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index facf6eb0..3c8f20bb 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -38,7 +38,7 @@ jobs:
           publish_results: true
 
       - name: Upload SARIF to Security tab
-        uses: github/codeql-action/upload-sarif@b1bff81932f5cdfc8695c7752dcee935dcd061c8 # v4.33.0
+        uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc # v4.34.1
         continue-on-error: true
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/terraform-tests.yml b/.github/workflows/terraform-tests.yml
index b81a9576..9cb7ed6b 100644
--- a/.github/workflows/terraform-tests.yml
+++ b/.github/workflows/terraform-tests.yml
@@ -44,7 +44,7 @@ jobs:
         run: New-Item -ItemType Directory -Force -Path logs | Out-Null
 
       - name: Setup Terraform
-        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
+        uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
         with:
           terraform_wrapper: false
 
@@ -74,7 +74,7 @@ jobs:
 
       - name: Upload to Codecov
         if: inputs.code-coverage && always() && steps.terraform-tests.outcome != 'skipped'
-        uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
+        uses: codecov/codecov-action@1af58845a975a7985b0beb0cbe6fbbb71a41dbad # v5.5.3
         with:
           use_oidc: true
           report_type: test_results
diff --git a/.github/workflows/terraform-validation.yml b/.github/workflows/terraform-validation.yml
index fa3d3988..9ca31e79 100644
--- a/.github/workflows/terraform-validation.yml
+++ b/.github/workflows/terraform-validation.yml
@@ -38,7 +38,7 @@ jobs:
         run: New-Item -ItemType Directory -Force -Path logs | Out-Null
 
       - name: Setup Terraform
-        uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3.1.2
+        uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0
         with:
           terraform_wrapper: false