diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index c94356b883..8aab8869ee 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -10,15 +10,16 @@ permissions: read-all
 jobs:
   analyze:
     name: Analyze
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     permissions:
       actions: read
       contents: read
       security-events: write
     steps:
-      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
-      - uses: github/codeql-action/init@4238421316c33d73aeea2801274dd286f157c2bb # v2.1.32
+      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
+      - uses: github/codeql-action/init@82a3f64131759f97922e0680c3730858bc7155a6 # v2.27.6
         with:
           languages: 'java'
-      - uses: github/codeql-action/autobuild@4238421316c33d73aeea2801274dd286f157c2bb # v2.1.32
-      - uses: github/codeql-action/analyze@4238421316c33d73aeea2801274dd286f157c2bb # v2.1.32
+      - uses: github/codeql-action/autobuild@82a3f64131759f97922e0680c3730858bc7155a6 # v2.27.6
+      - uses: github/codeql-action/analyze@82a3f64131759f97922e0680c3730858bc7155a6 # v2.27.6
+
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index 997a587847..404cc4ab01 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -9,19 +9,19 @@ permissions: read-all
 jobs:
   analysis:
     name: Scorecards analysis
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     permissions:
       security-events: write
       id-token: write
     steps:
-      - uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
+      - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3
         with:
           persist-credentials: false
-      - uses: ossf/scorecard-action@3e15ea8318eee9b333819ec77a36aca8d39df13e # v1.1.1
+      - uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0
         with:
           results_file: results.sarif
           results_format: sarif
           publish_results: true
-      - uses: github/codeql-action/upload-sarif@3e7e3b32d0fb8283594bb0a76cc60a00918b0969 # v2.1.6
+      - uses: github/codeql-action/upload-sarif@82a3f64131759f97922e0680c3730858bc7155a6 # v2.27.6
         with:
           sarif_file: results.sarif