diff --git a/.github/workflows/envoy-sync.yaml b/.github/workflows/envoy-sync.yaml
index d6924aae9..c745f21c0 100644
--- a/.github/workflows/envoy-sync.yaml
+++ b/.github/workflows/envoy-sync.yaml
@@ -28,14 +28,14 @@ jobs:
         app_id: ${{ secrets.ENVOY_CI_UPDATE_APP_ID }}
 
     - name: 'Checkout Repository'
-      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
       with:
         ref: main
         token: ${{ steps.appauth.outputs.value }}
 
     # Checkout the Envoy repo at latest commit
     - name: 'Checkout Repository'
-      uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+      uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2
       with:
         repository: envoyproxy/envoy
         fetch-depth: 0
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index a063ec884..ae56b9af8 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -21,7 +21,7 @@ jobs:
 
     steps:
     - name: "Checkout code"
-      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11  # v4.1.1
+      uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633  # v4.1.2
       with:
         persist-credentials: false