diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8c3ecf0..aa9ec12 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -120,14 +120,14 @@ jobs:
 
       - name: Upload runtime SARIF
         if: always()
-        uses: github/codeql-action/upload-sarif@v4.32.6
+        uses: github/codeql-action/upload-sarif@v4.34.1
         with:
           sarif_file: artifacts/security/trivy-runtime.sarif
           category: trivy-runtime
 
       - name: Upload CLI SARIF
         if: always()
-        uses: github/codeql-action/upload-sarif@v4.32.6
+        uses: github/codeql-action/upload-sarif@v4.34.1
         with:
           sarif_file: artifacts/security/trivy-cli.sarif
           category: trivy-cli
diff --git a/.github/workflows/security-nightly.yml b/.github/workflows/security-nightly.yml
index 24582f8..57085a3 100644
--- a/.github/workflows/security-nightly.yml
+++ b/.github/workflows/security-nightly.yml
@@ -38,14 +38,14 @@ jobs:
 
       - name: Upload SARIF runtime
         if: always()
-        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98  # v4.32.6
+        uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc  # v4.34.1
         with:
           sarif_file: artifacts/security-nightly/runtime.sarif
           category: trivy-nightly-runtime
 
       - name: Upload SARIF cli
         if: always()
-        uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98  # v4.32.6
+        uses: github/codeql-action/upload-sarif@38697555549f1db7851b81482ff19f1fa5c4fedc  # v4.34.1
         with:
           sarif_file: artifacts/security-nightly/cli.sarif
           category: trivy-nightly-cli