diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index c1722e381..f61cd416a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -163,7 +163,7 @@ jobs:
 
       - name: Scan SBOM
         id: scan
-        uses: anchore/scan-action@64a33b277ea7a1215a3c142735a1091341939ff5 # v4.1.2
+        uses: anchore/scan-action@49e50b215b647c5ec97abb66f69af73c46a4ca08 # v5.0.1
         with:
           sbom: "sbom-${{ inputs.image }}.json"
           only-fixed: true