diff --git a/.github/actions/docker-scan/action.yml b/.github/actions/docker-scan/action.yml
index b3391c34..c8206638 100644
--- a/.github/actions/docker-scan/action.yml
+++ b/.github/actions/docker-scan/action.yml
@@ -33,7 +33,7 @@ runs:
       shell: bash
 
     - name: Upload trivy scan results to github security tab
-      uses: github/codeql-action/upload-sarif@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+      uses: github/codeql-action/upload-sarif@c0d1daa7f7e14667747d73a7dbbe8c074bc8bfe2 # v2.22.9
       with:
         sarif_file: "trivy-results.sarif"
         token: ${{ inputs.token }}
diff --git a/.github/workflows/base-terragrunt-plan.yml b/.github/workflows/base-terragrunt-plan.yml
index e2e94ca3..4c493fa7 100644
--- a/.github/workflows/base-terragrunt-plan.yml
+++ b/.github/workflows/base-terragrunt-plan.yml
@@ -55,7 +55,7 @@ jobs:
 
       - name: Terragrunt plan base
         if: ${{ steps.filter.outputs.base == 'true' || steps.filter.outputs.common == 'true' }}
-        uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
+        uses: cds-snc/terraform-plan@b84f6e89f3e7b5ecf648a2c036c043c73d82da59 # v3.1.0
         with:
           directory: "terragrunt/env/base"
           comment-delete: "true"
diff --git a/.github/workflows/cloud-asset-inventory-terragrunt-plan.yml b/.github/workflows/cloud-asset-inventory-terragrunt-plan.yml
index 2825fbf9..3c9e00d7 100644
--- a/.github/workflows/cloud-asset-inventory-terragrunt-plan.yml
+++ b/.github/workflows/cloud-asset-inventory-terragrunt-plan.yml
@@ -60,7 +60,7 @@ jobs:
 
       - name: Terragrunt plan cloud_asset_inventory
         if: ${{ steps.filter.outputs.cloud_asset_inventory == 'true' || steps.filter.outputs.common == 'true' }}
-        uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
+        uses: cds-snc/terraform-plan@b84f6e89f3e7b5ecf648a2c036c043c73d82da59 # v3.1.0
         with:
           directory: "terragrunt/env/cloud_asset_inventory"
           comment-delete: "true"
diff --git a/.github/workflows/csp-reports-terragrunt-plan.yml b/.github/workflows/csp-reports-terragrunt-plan.yml
index 96551695..e4857e4d 100644
--- a/.github/workflows/csp-reports-terragrunt-plan.yml
+++ b/.github/workflows/csp-reports-terragrunt-plan.yml
@@ -57,7 +57,7 @@ jobs:
 
       - name: Terragrunt plan csp_violation_report_service
         if: ${{ steps.filter.outputs.csp_violation_report_service == 'true' || steps.filter.outputs.common == 'true' }}
-        uses: cds-snc/terraform-plan@28d2efe5155573489fa5b5816fad20d44d1f274b # v3.0.7
+        uses: cds-snc/terraform-plan@b84f6e89f3e7b5ecf648a2c036c043c73d82da59 # v3.1.0
         with:
           directory: "terragrunt/env/csp_violation_report_service"
           comment-delete: "true"