diff --git a/.github/workflows/azure-dev-down.yml b/.github/workflows/azure-dev-down.yml
index 62c92316..ed2fcd02 100644
--- a/.github/workflows/azure-dev-down.yml
+++ b/.github/workflows/azure-dev-down.yml
@@ -31,7 +31,7 @@ jobs:
           ref: ${{ github.ref_name }}
 
       - name: Install azd
-        uses: Azure/setup-azd@c495e71ba59e44bfaaac10a32c8ee90d191ca4a3 # v2.2.1
+        uses: Azure/setup-azd@634ad924cf8baef2257898ba5663be8d19f15aca # v2.3.0
         with:
           version: '1.20.0'  # Specify your desired azd version here
         
diff --git a/.github/workflows/azure-dev.yml b/.github/workflows/azure-dev.yml
index d96c4d86..15d4c260 100644
--- a/.github/workflows/azure-dev.yml
+++ b/.github/workflows/azure-dev.yml
@@ -62,7 +62,7 @@ jobs:
           persist-credentials: false
 
       - name: Install azd
-        uses: Azure/setup-azd@c495e71ba59e44bfaaac10a32c8ee90d191ca4a3 # v2.2.1
+        uses: Azure/setup-azd@634ad924cf8baef2257898ba5663be8d19f15aca # v2.3.0
         with:
           version: '1.20.0'  # Specify your desired azd version here
 
@@ -192,7 +192,7 @@ jobs:
 
           azd provision --no-prompt
 
-      - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+      - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         if: success() || failure()
         with:
           name: sarif-reports
diff --git a/.github/workflows/terraform-validate.yml b/.github/workflows/terraform-validate.yml
index 51c05c12..164845d3 100644
--- a/.github/workflows/terraform-validate.yml
+++ b/.github/workflows/terraform-validate.yml
@@ -160,7 +160,7 @@ jobs:
 
       - name: Run Checkov action
         id: checkov
-        uses: bridgecrewio/checkov-action@f9b0a2206b0401cad02ac0a66be2a7934a5be838 # v12.1347.0
+        uses: bridgecrewio/checkov-action@de2bfaecd21d58ef232e0d2a3391c33c32c460d7 # v12.1347.0
         with: 
           framework: terraform
           download_external_modules: true
@@ -236,7 +236,7 @@ jobs:
     if: needs.check-dependabot.outputs.is_dependabot == 'true' && success()
     steps:
       - name: Comment on PR
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
@@ -273,7 +273,7 @@ jobs:
     if: needs.check-dependabot.outputs.is_dependabot == 'true' && failure()
     steps:
       - name: Comment on PR about failure
-        uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
+        uses: actions/github-script@3a2844b7e9c422d3c10d287c895573f7108da1b3 # v9.0.0
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           script: |
diff --git a/.github/workflows/test-search.yaml b/.github/workflows/test-search.yaml
index 22370388..3b997c87 100644
--- a/.github/workflows/test-search.yaml
+++ b/.github/workflows/test-search.yaml
@@ -110,7 +110,7 @@ jobs:
         continue-on-error: true # Continue even if tests fail to ensure artifacts are uploaded
 
       - name: Upload test results as workflow artifact
-        uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+        uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
         if: (!cancelled()) # Upload artifacts even if tests fail
         with:
           name: pytest-test-results
@@ -120,7 +120,7 @@ jobs:
           retention-days: 30
 
       - name: Publish pytest test results
-        uses: dorny/test-reporter@3d76b34a4535afbd0600d347b09a6ee5deb3ed7f # v2.6.0
+        uses: dorny/test-reporter@a43b3a5f7366b97d083190328d2c652e1a8b6aa2 # v3.0.0
         if: (!cancelled()) # Run even if tests fail
         with:
           name: Azure AI Search E2E Tests