diff --git a/.github/actions/docker-scan/action.yml b/.github/actions/docker-scan/action.yml
index 2875e421..cb5ec929 100644
--- a/.github/actions/docker-scan/action.yml
+++ b/.github/actions/docker-scan/action.yml
@@ -33,7 +33,7 @@ runs:
       shell: bash
 
     - name: Upload trivy scan results to github security tab
-      uses: github/codeql-action/upload-sarif@e8893c57a1f3a2b659b6b55564fdfdbbd2982911 # v3.24.0
+      uses: github/codeql-action/upload-sarif@47b3d888fe66b639e431abf22ebca059152f1eea # v3.24.5
       with:
         sarif_file: "trivy-results.sarif"
         token: ${{ inputs.token }}
diff --git a/.github/workflows/base-terragrunt-plan.yml b/.github/workflows/base-terragrunt-plan.yml
index 10de502c..96b98bef 100644
--- a/.github/workflows/base-terragrunt-plan.yml
+++ b/.github/workflows/base-terragrunt-plan.yml
@@ -55,7 +55,7 @@ jobs:
 
       - name: Terragrunt plan base
         if: ${{ steps.filter.outputs.base == 'true' || steps.filter.outputs.common == 'true' }}
-        uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0
+        uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2
         with:
           directory: "terragrunt/env/base"
           comment-delete: "true"
diff --git a/.github/workflows/cloud-asset-inventory-terragrunt-plan.yml b/.github/workflows/cloud-asset-inventory-terragrunt-plan.yml
index eb189e0e..4c379aa5 100644
--- a/.github/workflows/cloud-asset-inventory-terragrunt-plan.yml
+++ b/.github/workflows/cloud-asset-inventory-terragrunt-plan.yml
@@ -60,7 +60,7 @@ jobs:
 
       - name: Terragrunt plan cloud_asset_inventory
         if: ${{ steps.filter.outputs.cloud_asset_inventory == 'true' || steps.filter.outputs.common == 'true' }}
-        uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0
+        uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2
         with:
           directory: "terragrunt/env/cloud_asset_inventory"
           comment-delete: "true"
diff --git a/.github/workflows/csp-reports-terragrunt-plan.yml b/.github/workflows/csp-reports-terragrunt-plan.yml
index 945aa4d1..befc989e 100644
--- a/.github/workflows/csp-reports-terragrunt-plan.yml
+++ b/.github/workflows/csp-reports-terragrunt-plan.yml
@@ -57,7 +57,7 @@ jobs:
 
       - name: Terragrunt plan csp_violation_report_service
         if: ${{ steps.filter.outputs.csp_violation_report_service == 'true' || steps.filter.outputs.common == 'true' }}
-        uses: cds-snc/terraform-plan@5311f3dac704235dde778e30fa7d2bd0c0d8036f # v3.2.0
+        uses: cds-snc/terraform-plan@4719878d72d1b0078e0bce2e7571e854e79903b8 # v3.2.2
         with:
           directory: "terragrunt/env/csp_violation_report_service"
           comment-delete: "true"