diff --git a/.github/actions/install-uds-cli/action.yaml b/.github/actions/install-uds-cli/action.yaml
index 277971e7..f5c2aed7 100644
--- a/.github/actions/install-uds-cli/action.yaml
+++ b/.github/actions/install-uds-cli/action.yaml
@@ -6,11 +6,11 @@ description: installs uds-cli from brew
 runs:
   using: composite
   steps:
-  - name: Set up Homebrew
-    uses: Homebrew/actions/setup-homebrew@f1cc9df7a62b7f6244414d21a3ebc3ba9156a082 # master
+    - name: Set up Homebrew
+      uses: Homebrew/actions/setup-homebrew@cf31444e770b9919bb21e695d66f56c39cfd3dee # main
 
-  - name: Install UDS CLI
-    shell: bash
-    run: |
-      brew tap defenseunicorns/tap
-      brew install uds
+    - name: Install UDS CLI
+      shell: bash
+      run: |
+        brew tap defenseunicorns/tap
+        brew install uds
diff --git a/.github/workflows/scan-codeql.yaml b/.github/workflows/scan-codeql.yaml
index e9a5a84f..442950b1 100644
--- a/.github/workflows/scan-codeql.yaml
+++ b/.github/workflows/scan-codeql.yaml
@@ -56,7 +56,7 @@ jobs:
         run: uds run build-cli-linux-amd
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
+        uses: github/codeql-action/init@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
         env:
           CODEQL_EXTRACTOR_GO_BUILD_TRACING: on
         with:
@@ -65,6 +65,6 @@ jobs:
 
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
+        uses: github/codeql-action/analyze@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
         with:
           category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
index ea4bdb2f..a28fc4a7 100644
--- a/.github/workflows/scorecard.yaml
+++ b/.github/workflows/scorecard.yaml
@@ -47,6 +47,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4.35.2
+        uses: github/codeql-action/upload-sarif@e46ed2cbd01164d986452f91f178727624ae40d7 # v4.35.3
         with:
           sarif_file: results.sarif