diff --git a/.github/workflows/trivy-scan.yml b/.github/workflows/trivy-scan.yml
index 05dc3c54..4c6a144e 100644
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@@ -33,6 +33,6 @@ jobs:
         output: 'trivy-results.sarif'
         ignore-unfixed: true
         severity: 'HIGH,CRITICAL'
-    - uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11
+    - uses: github/codeql-action/upload-sarif@9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0 # v3.28.9
       with:
         sarif_file: 'trivy-results.sarif'