diff --git a/.github/workflows/.reusable-sast.yml b/.github/workflows/.reusable-sast.yml
index 2a7ef1e4a..2e94c5edc 100644
--- a/.github/workflows/.reusable-sast.yml
+++ b/.github/workflows/.reusable-sast.yml
@@ -128,7 +128,7 @@ jobs:
           helm template helm > deployment/deployment.yaml
         shell: bash
       - name: Scan
-        uses: bridgecrewio/checkov-action@558f721c4bd65a6fc59b02448ffc792eb721cb9b # v12.2580.0
+        uses: bridgecrewio/checkov-action@93e6fa1977e0974dc1f31c155680f89d1fb5de97 # v12.2586.0
         with:
           soft_fail: true
           output_format: cli,sarif
diff --git a/.github/workflows/.reusable-sca.yml b/.github/workflows/.reusable-sca.yml
index b672613c9..49dbd1128 100644
--- a/.github/workflows/.reusable-sca.yml
+++ b/.github/workflows/.reusable-sca.yml
@@ -97,7 +97,7 @@ jobs:
           username: ${{ inputs.repo_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
       - name: Run
-        uses: anchore/sbom-action@78fc58e266e87a38d4194b2137a3d4e9bcaf7ca1 # v0.14.3
+        uses: anchore/sbom-action@fd74a6fb98a204a1ad35bbfae0122c1a302ff88b # v0.15.0
         with:
           image: ${{ inputs.image }}
           format: cyclonedx-json