diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 3f2c08d..1516ed6 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -402,7 +402,7 @@ jobs:
         exit-code: '0'
 
     - name: Upload Trivy scan results to GitHub Security tab
-      uses: github/codeql-action/upload-sarif@c793b717bc78562f491db7b0e93a3a178b099162 # v4
+      uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4
       if: ${{ always() && github.event.pull_request.head.repo.full_name == github.repository }}
       with:
         sarif_file: 'trivy-results.sarif'