diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 2a9e7719..2b6caff0 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -120,7 +120,7 @@ jobs:
         cache: 'maven'
     - name: Initialize CodeQL
       if: ${{ !inputs.skip_code_scans }}
-      uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7
+      uses: github/codeql-action/init@7211b7c8077ea37d8641b6271f6a365a22a5fbfa
       with:
         languages: java
         config-file: .github/codeql-config.yml
@@ -147,7 +147,7 @@ jobs:
         git push --force-with-lease
     - name: Perform CodeQL Analysis
       if: ${{ !inputs.skip_code_scans }}
-      uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7
+      uses: github/codeql-action/analyze@7211b7c8077ea37d8641b6271f6a365a22a5fbfa
       with:
         upload: 'never'
         output: codeql-results
@@ -253,13 +253,13 @@ jobs:
         fi
     - name: Upload CodeQL scan results to GitHub Security tab
       if: ${{ !inputs.skip_code_scans && env.UPLOAD_SCAN_SARIF == 'true' }}
-      uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7
+      uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa
       with:
         sarif_file: codeql-results
         category: 'codeql'
     - name: Upload Trivy scan results to GitHub Security tab
       if: ${{ !inputs.skip_code_scans && env.UPLOAD_SCAN_SARIF == 'true' }}
-      uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7
+      uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa
       with:
         sarif_file: 'trivy-results.sarif'
         category: 'trivy'