diff --git a/.github/workflows/container-publish.yml b/.github/workflows/container-publish.yml
index 795dbe0..96ee0c8 100644
--- a/.github/workflows/container-publish.yml
+++ b/.github/workflows/container-publish.yml
@@ -87,13 +87,13 @@ jobs:
 
       # Build provenance attestations
       - name: Attest Container Image
-        uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f  # v3.2.0
+        uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32  # v4.1.0
         with:
           subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           subject-digest: ${{ steps.build.outputs.digest }}
           push-to-registry: true
 
       # - name: Attest Container SBOM
-      #   uses: actions/attest-build-provenance@96278af6caaf10aea03fd8d33a09a777ca52d62f  # v3.2.0
+      #   uses: actions/attest-build-provenance@a2bbfa25375fe432b6a289bc6b6cd05ecd0c4c32  # v4.1.0
       #   with:
       #     subject-path:: '*.spdx.json'
diff --git a/.github/workflows/container-security.yml b/.github/workflows/container-security.yml
index 3a3e30d..b88526d 100644
--- a/.github/workflows/container-security.yml
+++ b/.github/workflows/container-security.yml
@@ -60,7 +60,7 @@ jobs:
           fail-build: ${{ inputs.scanning-block }}
 
       - name: Upload SARIF artifact
-        uses: actions/upload-artifact@v6
+        uses: actions/upload-artifact@v7
         with:
           name: sarif
           path: ${{ steps.scan.outputs.sarif }}