diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml
index e453043dce6..2f434c46d9a 100644
--- a/.github/workflows/ci-build.yaml
+++ b/.github/workflows/ci-build.yaml
@@ -47,7 +47,7 @@ jobs:
     runs-on: ubuntu-16-core
     needs: changes
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:ec70f835c3885d831ae1e5ba08425e0ec08ad2e55ed9b46f5dd5faff459e713c
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:58058c6f8438e61b24617b96f1a2c9826243e63a1378fc0ec6d65187356a5161
       options: |
         --cap-add NET_ADMIN --cap-add SYS_ADMIN --security-opt seccomp=unconfined --security-opt apparmor:unconfined
 
@@ -87,7 +87,7 @@ jobs:
       - name: Check sonames
         id: soname
         if: steps.file_check.outputs.exists == 'true'
-        uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:7ecc6df747004f569ea48b5d5e44eaa8326d40447556075b57c44f4572fe78c2
+        uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:6d228e1857362cb1e7818187d297bdeb59ba51515c839baa40d039e5982ce4c2
         with:
           entrypoint: wolfictl
           args: check so-name
@@ -97,7 +97,7 @@ jobs:
         if: steps.file_check.outputs.exists == 'true'
         # Let's not fail the whole job if this step fails as it is for improved UX rather than an enforced check
         continue-on-error: true
-        uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:7ecc6df747004f569ea48b5d5e44eaa8326d40447556075b57c44f4572fe78c2
+        uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:6d228e1857362cb1e7818187d297bdeb59ba51515c839baa40d039e5982ce4c2
         with:
           entrypoint: wolfictl
           args: check diff
diff --git a/.github/workflows/dag-push-production.yaml b/.github/workflows/dag-push-production.yaml
index a565905ebc6..cc5e1986f79 100644
--- a/.github/workflows/dag-push-production.yaml
+++ b/.github/workflows/dag-push-production.yaml
@@ -152,7 +152,7 @@ jobs:
             --cpu=30 --ram=100Gi \
             --bucket=${BUCKET} \
             --src-bucket=${SRC_BUCKET} \
-            --sdk-image ghcr.io/wolfi-dev/sdk:latest@sha256:ec70f835c3885d831ae1e5ba08425e0ec08ad2e55ed9b46f5dd5faff459e713c \
+            --sdk-image ghcr.io/wolfi-dev/sdk:latest@sha256:58058c6f8438e61b24617b96f1a2c9826243e63a1378fc0ec6d65187356a5161 \
             --pending-timeout=10m \
             --secret-key \
             --arch=arm64
diff --git a/.github/workflows/wolfictl-check-update.yaml b/.github/workflows/wolfictl-check-update.yaml
index b481dda7433..bca71d904b2 100644
--- a/.github/workflows/wolfictl-check-update.yaml
+++ b/.github/workflows/wolfictl-check-update.yaml
@@ -28,7 +28,7 @@ jobs:
     - name: Check
       id: check
       if: ${{ steps.files.outputs.all_changed_files != '' }}
-      uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:7ecc6df747004f569ea48b5d5e44eaa8326d40447556075b57c44f4572fe78c2
+      uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:6d228e1857362cb1e7818187d297bdeb59ba51515c839baa40d039e5982ce4c2
       env:
         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
       with:
diff --git a/.github/workflows/wolfictl-lint.yaml b/.github/workflows/wolfictl-lint.yaml
index f75723b92c8..63abe9f3176 100644
--- a/.github/workflows/wolfictl-lint.yaml
+++ b/.github/workflows/wolfictl-lint.yaml
@@ -19,13 +19,13 @@ jobs:
     - uses: actions/checkout@v3
     - name: Lint
       id: lint
-      uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:7ecc6df747004f569ea48b5d5e44eaa8326d40447556075b57c44f4572fe78c2
+      uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:6d228e1857362cb1e7818187d297bdeb59ba51515c839baa40d039e5982ce4c2
       with:
         entrypoint: wolfictl
         args: lint
     - name: Enforce YAML formatting
       id: lint-yaml
-      uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:7ecc6df747004f569ea48b5d5e44eaa8326d40447556075b57c44f4572fe78c2
+      uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:6d228e1857362cb1e7818187d297bdeb59ba51515c839baa40d039e5982ce4c2
       with:
         entrypoint: wolfictl
         args: lint yam
diff --git a/.github/workflows/wolfictl-update-gh.yaml b/.github/workflows/wolfictl-update-gh.yaml
index 97d191700ec..27c95751a5b 100644
--- a/.github/workflows/wolfictl-update-gh.yaml
+++ b/.github/workflows/wolfictl-update-gh.yaml
@@ -23,7 +23,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
 
-    - uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:7ecc6df747004f569ea48b5d5e44eaa8326d40447556075b57c44f4572fe78c2
+    - uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:6d228e1857362cb1e7818187d297bdeb59ba51515c839baa40d039e5982ce4c2
       with:
         entrypoint: wolfictl
         args: update https://github.com/${{github.repository}} --release-monitoring-query=false --github-labels request-version-update --github-labels "automated pr"
diff --git a/.github/workflows/wolfictl-update-rm.yaml b/.github/workflows/wolfictl-update-rm.yaml
index 75eadd1868d..2ddb894ef63 100644
--- a/.github/workflows/wolfictl-update-rm.yaml
+++ b/.github/workflows/wolfictl-update-rm.yaml
@@ -23,7 +23,7 @@ jobs:
     steps:
     - uses: actions/checkout@v3
 
-    - uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:7ecc6df747004f569ea48b5d5e44eaa8326d40447556075b57c44f4572fe78c2
+    - uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:6d228e1857362cb1e7818187d297bdeb59ba51515c839baa40d039e5982ce4c2
       with:
         entrypoint: wolfictl
         args: update https://github.com/${{github.repository}} --github-release-query=false --github-labels request-version-update --github-labels "automated pr"