diff --git a/.github/workflows/defender-for-devops.yml b/.github/workflows/defender-for-devops.yml
index 694f63c..f07fcca 100644
--- a/.github/workflows/defender-for-devops.yml
+++ b/.github/workflows/defender-for-devops.yml
@@ -44,6 +44,6 @@ jobs:
       uses: microsoft/security-devops-action@v1.12.0
       id: msdo
     - name: Upload results to Security tab
-      uses: github/codeql-action/upload-sarif@v3
+      uses: github/codeql-action/upload-sarif@v4
       with:
         sarif_file: ${{ steps.msdo.outputs.sarifFile }}
diff --git a/.github/workflows/gosec.yaml b/.github/workflows/gosec.yaml
index be72611..fbba7f0 100644
--- a/.github/workflows/gosec.yaml
+++ b/.github/workflows/gosec.yaml
@@ -24,7 +24,7 @@ jobs:
           # we let the report trigger content trigger a failure using the GitHub Security features.
           args: '-no-fail -fmt sarif -out results.sarif ./...'
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@v4
         with:
           # Path to SARIF file relative to the root of the repository
           sarif_file: results.sarif