diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e26b483..3ba5a65 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -82,7 +82,7 @@ jobs:
           exit-code: 0  # warn only; change to 1 to block the pipeline
 
       - name: Upload Trivy fs results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         if: always()
         with:
           sarif_file: trivy-fs.sarif
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 23d69e8..cd77189 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -130,7 +130,7 @@ jobs:
           exit-code: 0  # warn only; change to 1 to block on vulnerabilities
 
       - name: Upload Trivy image results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         if: always()
         with:
           sarif_file: trivy-image-${{ matrix.name }}.sarif