diff --git a/.github/workflows/docker-build-and-push.yml b/.github/workflows/docker-build-and-push.yml
index e5a083db..a6fbdfe7 100644
--- a/.github/workflows/docker-build-and-push.yml
+++ b/.github/workflows/docker-build-and-push.yml
@@ -30,7 +30,7 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # tag=v2.11.1
 id: changes
@@ -57,7 +57,7 @@ jobs:
 - name: Staging ECR login
 if: steps.changes.outputs.lambda == 'true'
 id: staging-ecr
- uses: aws-actions/amazon-ecr-login@261a7de32bda11ba01f4d75c4ed6caf3739e54be # v1.5.3
+ uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1
 - name: Staging ECR push
 if: steps.changes.outputs.lambda == 'true'
@@ -84,7 +84,7 @@ jobs:
 - name: Production ECR login
 if: steps.changes.outputs.lambda == 'true'
 id: production-ecr
- uses: aws-actions/amazon-ecr-login@261a7de32bda11ba01f4d75c4ed6caf3739e54be # v1.5.3
+ uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1
 - name: Production ECR push
 if: steps.changes.outputs.lambda == 'true'
@@ -101,7 +101,7 @@ jobs:
 - name: Generate docker SBOM
 if: steps.changes.outputs.lambda == 'true'
- uses: cds-snc/security-tools/.github/actions/generate-sbom@19c655b47ec24d168ecbc701cee18701ab55f071 # v2.1.1
+ uses: cds-snc/security-tools/.github/actions/generate-sbom@eecd7a02a0294b379411c126b61e5c29e253676a # v2.1.4
 with:
 docker_image: "${{ matrix.image }}"
 dockerfile_path: "${{ matrix.lambda }}/Dockerfile"
diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml
index 1491641e..a1560b32 100644
--- a/.github/workflows/docker-build.yml
+++ b/.github/workflows/docker-build.yml
@@ -19,7 +19,7 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # tag=v2.11.1
 id: changes
diff --git a/.github/workflows/docker-vulnerability-scan.yml b/.github/workflows/docker-vulnerability-scan.yml
index 9f6e2df9..4ab11ec8 100644
--- a/.github/workflows/docker-vulnerability-scan.yml
+++ b/.github/workflows/docker-vulnerability-scan.yml
@@ -50,10 +50,10 @@ jobs:
 - name: Staging ECR login
 id: staging-ecr
- uses: aws-actions/amazon-ecr-login@261a7de32bda11ba01f4d75c4ed6caf3739e54be # v1.5.3
+ uses: aws-actions/amazon-ecr-login@5a88a04c91d5c6f97aae0d9be790e64d9b1d47b7 # v1.7.1
 - name: Docker vulnerability scan
- uses: cds-snc/security-tools/.github/actions/docker-scan@19c655b47ec24d168ecbc701cee18701ab55f071 # v2.1.1
+ uses: cds-snc/security-tools/.github/actions/docker-scan@eecd7a02a0294b379411c126b61e5c29e253676a # v2.1.4
 with:
 docker_image: "${{ env.DOCKER_SLUG }}/${{ matrix.image }}:latest"
 dockerfile_path: "${{ matrix.lambda }}/Dockerfile"
diff --git a/.github/workflows/test-format-lint.yml b/.github/workflows/test-format-lint.yml
index 4b7dbb9a..c9216392 100644
--- a/.github/workflows/test-format-lint.yml
+++ b/.github/workflows/test-format-lint.yml
@@ -20,7 +20,7 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # tag=v3.1.0
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 - uses: dorny/paths-filter@4512585405083f25c027a35db413c2b3b9006d50 # tag=v2.11.1
 id: changes
@@ -32,14 +32,14 @@ jobs:
 - name: Setup Python
 if: steps.changes.outputs.lambda == 'true' && matrix.python
- uses: actions/setup-python@13ae5bb136fac2878aff31522b9efb785519f984 # tag=v4.3.0
+ uses: actions/setup-python@b64ffcaf5b410884ad320a9cfac8866006a109aa # v4.8.0
 with:
 python-version: ${{ matrix.python }}
 cache: pip
 - name: Setup Ruby
 if: steps.changes.outputs.lambda == 'true' && matrix.ruby
- uses: ruby/setup-ruby@c4fe7bd15ddbfcd5e07e47bf2f2cae90581d6091 # tag=v1.123.0
+ uses: ruby/setup-ruby@af848b40be8bb463a751551a1180d74782ba8a72 # v1.162.0
 with:
 ruby-version: ${{ matrix.ruby }}
 bundler-cache: true