diff --git a/.github/workflows/alert-update-flags.yaml b/.github/workflows/alert-update-flags.yaml
index e9476141624..90d4e6182d5 100644
--- a/.github/workflows/alert-update-flags.yaml
+++ b/.github/workflows/alert-update-flags.yaml
@@ -14,7 +14,7 @@ jobs:
steps:
- name: Checkout project
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 2
- name: Execute diff and send email
diff --git a/.github/workflows/alert-update-terraform-modules.yaml b/.github/workflows/alert-update-terraform-modules.yaml
index bcef86d4099..ad3b2c1a2d6 100644
--- a/.github/workflows/alert-update-terraform-modules.yaml
+++ b/.github/workflows/alert-update-terraform-modules.yaml
@@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Execute diff and send email
@@ -25,7 +25,7 @@ jobs:
-c assets/libraries/common.json \
-u https://registry.terraform.io/v1/modules
- name: Create Pull Request
- uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6
+ uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v6
with:
title: "feat(queries): update terraform registry data on commons.json"
token: ${{ secrets.KICS_BOT_PAT }}
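Review bot: The comment on the new `peter-evans/create-pull-request` pin still reads `# v6`, exactly as it did for the previous SHA, so nothing in the file says which release the new commit corresponds to. This step is handed `secrets.KICS_BOT_PAT`, so a reviewer should be able to match the SHA to a published tag. I would record the exact tag after confirming it on the action's releases page, e.g. `uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v<exact-release-tag>`. The same unchanged `# v6` comment appears on this action in go-generate-antlr-parser.yaml, prepare-release.yaml, release-docker-github-actions.yaml and release-nightly.yml.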
diff --git a/.github/workflows/check-apache-license.yaml b/.github/workflows/check-apache-license.yaml
index 2fb3474e74a..8c552417aca 100644
--- a/.github/workflows/check-apache-license.yaml
+++ b/.github/workflows/check-apache-license.yaml
@@ -12,7 +12,7 @@ jobs:
USERNAME: ${{ github.event.pull_request.user.login }}
steps:
- name: Checkout code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
sparse-checkout: |
diff --git a/.github/workflows/check-go-coverage.yaml b/.github/workflows/check-go-coverage.yaml
index 97c10395615..9d2affdbca7 100644
--- a/.github/workflows/check-go-coverage.yaml
+++ b/.github/workflows/check-go-coverage.yaml
@@ -13,11 +13,11 @@ jobs:
color: ${{ steps.testcov.outputs.color }}
steps:
- name: Checkout Source
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
with:
go-version-file: go.mod
- name: Run test metrics script
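Review bot: `actions/setup-go@v6` is referenced by a movable major tag, while `actions/checkout` two steps above is pinned to a full commit SHA with the version in a comment. A tag can be re-pointed by whoever controls the action repository, so the pinning policy the file otherwise follows is not applied to this step. I would write `uses: actions/setup-go@<full-commit-sha> # v6.x.y`, taking the SHA from the release you intend to run. The same applies to the other `actions/setup-go@v6`, `actions/setup-python@v6` and `actions/setup-node@v6` lines in this commit.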
diff --git a/.github/workflows/go-ci-coverage.yaml b/.github/workflows/go-ci-coverage.yaml
index 50e7ff3f7fc..a932e04b655 100644
--- a/.github/workflows/go-ci-coverage.yaml
+++ b/.github/workflows/go-ci-coverage.yaml
@@ -14,11 +14,11 @@ jobs:
color: ${{ steps.testcov.outputs.color }}
steps:
- name: Checkout Source
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
with:
go-version-file: go.mod
- name: Run test metrics script
@@ -33,11 +33,11 @@ jobs:
curl -L \
https://img.shields.io/badge/Go%20Coverage-${{ steps.testcov.outputs.coverage }}%25-${{ steps.testcov.outputs.color }}.svg > coverage.svg
cat coverage.svg
- - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ runner.os }}-badge-latest
path: coverage.svg
- - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ runner.os }}-coverage-latest
path: coverage.html
@@ -47,7 +47,7 @@ jobs:
needs: coverage
steps:
- name: Checkout Source
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
ref: gh-pages
- name: Configure git commit author
@@ -55,12 +55,12 @@ jobs:
git config --global user.name "KICSBot"
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
- name: Download Coverage Report
- uses: actions/download-artifact@v4.1.3
+ uses: actions/download-artifact@v6.0.0
with:
name: ${{ runner.os }}-coverage-latest
path: latest-coverage
- name: Download Badge svg
- uses: actions/download-artifact@v4.1.3
+ uses: actions/download-artifact@v6.0.0
with:
name: ${{ runner.os }}-badge-latest
path: latest-coverage
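Review bot: Both `actions/download-artifact@v6.0.0` steps are pinned by tag rather than by commit SHA, unlike the SHA-pinned `actions/upload-artifact` steps (`# v5.0.0`) that produce these artifacts earlier in the workflow. Judging by the `ref: gh-pages` checkout and the KICSBot git identity configured just above, this job probably commits the downloaded files to the published site, so the action handling them deserves the same pin: `uses: actions/download-artifact@<full-commit-sha> # v6.0.0`. go-ci-metrics.yaml has the same tag-pinned step. Since upload and download are now on different majors, it is also worth confirming from the release notes that v5 uploads and v6 downloads are a supported pairing. The job continues outside this hunk.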
diff --git a/.github/workflows/go-ci-integration.yml b/.github/workflows/go-ci-integration.yml
index 293626b9f6d..e3c133270ca 100644
--- a/.github/workflows/go-ci-integration.yml
+++ b/.github/workflows/go-ci-integration.yml
@@ -15,14 +15,14 @@ jobs:
cancel_others: false
paths_ignore: '["docs/**", "**/**.md", "examples"]'
- name: Check out code into the Go module directory
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Set up Docker Buildx
id: buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Cache Docker layers
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+ uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.ref }}
@@ -59,7 +59,7 @@ jobs:
-p "/path" \
-o "/path/"
- name: Archive test logs
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
if: always()
with:
name: integration-logs-${{ github.event.pull_request.head.sha }}
@@ -68,7 +68,7 @@ jobs:
run: |
cat ${PWD}/assets/queries/results.json
- name: Archive test results
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: integration-results-${{ github.event.pull_request.head.sha }}
path: assets/queries/results.json
diff --git a/.github/workflows/go-ci-metrics.yaml b/.github/workflows/go-ci-metrics.yaml
index ea3c60be89d..d3715a20533 100644
--- a/.github/workflows/go-ci-metrics.yaml
+++ b/.github/workflows/go-ci-metrics.yaml
@@ -12,8 +12,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: actions/setup-python@v5
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ - uses: actions/setup-python@v6
with:
python-version: "3.x"
- name: Run test metrics script
@@ -26,7 +26,7 @@ jobs:
curl -L \
https://img.shields.io/badge/Queries-${{ steps.metrics.outputs.total_queries }}-blue.svg > queries.svg
cat queries.svg
- - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ runner.os }}-queries-badge-latest
path: queries.svg
@@ -36,7 +36,7 @@ jobs:
needs: metrics
steps:
- name: Checkout Source
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
ref: gh-pages
- name: Configure git commit author
@@ -44,7 +44,7 @@ jobs:
git config --global user.name "KICSBot"
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
- name: Download Queries Badge SVG
- uses: actions/download-artifact@v4.1.3
+ uses: actions/download-artifact@v6.0.0
with:
name: ${{ runner.os }}-queries-badge-latest
path: latest-metrics
diff --git a/.github/workflows/go-ci.yml b/.github/workflows/go-ci.yml
index f0442c323fe..6e088afee7e 100644
--- a/.github/workflows/go-ci.yml
+++ b/.github/workflows/go-ci.yml
@@ -9,9 +9,9 @@ jobs:
name: lint
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
with:
go-version-file: go.mod
cache: false
@@ -25,12 +25,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
fetch-depth: 0
- name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
with:
go-version-file: go.mod
- name: Generate mocks and marshall/unmarshall code
@@ -44,11 +44,11 @@ jobs:
runs-on: ${{ matrix.os }}
steps:
- name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
with:
go-version: ${{ matrix.go-version }}
- name: Check out code into the Go module directory
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Get cache paths
@@ -56,7 +56,7 @@ jobs:
shell: bash
run: echo "GO_BUILD=$(go env GOCACHE)" >>$GITHUB_OUTPUT
- name: Cache dependencies
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+ uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
with:
path: ${{ steps.go-cache-paths.outputs.GO_BUILD }}
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
@@ -69,7 +69,7 @@ jobs:
go mod vendor
- name: Set Windows Page size
if: matrix.os == 'windows-2022'
- uses: al-cheb/configure-pagefile-action@a3b6ebd6b634da88790d9c58d4b37a7f4a7b8708 # v1.4
+ uses: al-cheb/configure-pagefile-action@9b6da52fb72a3c6147c1aad2df22d8d905681adc # v1.5
with:
minimum-size: 32GB
maximum-size: 32GB
@@ -86,7 +86,7 @@ jobs:
go test -mod=vendor -tags dev -v -timeout 2100s $(go list -tags dev ./... | grep -v e2e) -count=1 -coverprofile=cover.out | tee unit-test.log
- name: Archive test logs
if: always()
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: unit-test-${{ runner.os }}-${{ github.event.pull_request.head.sha }}.log
path: unit-test.log
@@ -97,9 +97,9 @@ jobs:
GO111MODULE: on
steps:
- name: Checkout Source
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Run Gosec Security Scanner
- uses: securego/gosec@d2d3ae66bd8d340b78b5142b6fe610691783c2fe # v2.22.5
+ uses: securego/gosec@6be2b51fd78feca86af91f5186b7964d76cb1256 # v2.22.10
with:
args: "-no-fail -fmt sarif -out results.sarif ./..."
- name: Show results
diff --git a/.github/workflows/go-e2e-debian.yaml b/.github/workflows/go-e2e-debian.yaml
index 04664d0d874..d9f22e1060e 100644
--- a/.github/workflows/go-e2e-debian.yaml
+++ b/.github/workflows/go-e2e-debian.yaml
@@ -19,11 +19,11 @@ jobs:
with:
access_token: ${{ github.token }}
- name: Check out code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
with:
go-version: ${{ matrix.go-version }}
- name: Print go env
@@ -31,7 +31,7 @@ jobs:
- name: Get Modules
run: go mod vendor
- name: Set up Node v14
- uses: actions/setup-node@v4
+ uses: actions/setup-node@v6
with:
node-version: "20"
- name: Install mock server
@@ -44,7 +44,7 @@ jobs:
id: buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Cache Docker layers
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+ uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.ref }}
@@ -100,7 +100,7 @@ jobs:
DOCKER_NAME=$(echo docker/Dockerfile.debian | sed 's/\//-/')
- name: Archive test report
if: always()
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: e2e-tests-report-dockerfile-$DOCKER_NAME
path: e2e-report.html
diff --git a/.github/workflows/go-e2e.yaml b/.github/workflows/go-e2e.yaml
index 0842636459e..f1611c5a681 100644
--- a/.github/workflows/go-e2e.yaml
+++ b/.github/workflows/go-e2e.yaml
@@ -20,11 +20,11 @@ jobs:
with:
access_token: ${{ github.token }}
- name: Check out code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
with:
go-version: ${{ matrix.go-version }}
- name: Print go env
@@ -32,7 +32,7 @@ jobs:
- name: Get Modules
run: go mod vendor
- name: Set up Node v14
- uses: actions/setup-node@v4
+ uses: actions/setup-node@v6
with:
node-version: "20"
- name: Install mock server
@@ -45,7 +45,7 @@ jobs:
id: buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Cache Docker layers
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+ uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ github.ref }}
@@ -100,7 +100,7 @@ jobs:
echo "DOCKER_NAME=$DOCKER_NAME" >> $GITHUB_ENV
- name: Archive test report
if: always()
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: e2e-tests-report-${{ env.DOCKER_NAME }}
path: e2e-report.html
diff --git a/.github/workflows/go-generate-antlr-parser.yaml b/.github/workflows/go-generate-antlr-parser.yaml
index 6e543d9ebd3..60e9e15cc9e 100644
--- a/.github/workflows/go-generate-antlr-parser.yaml
+++ b/.github/workflows/go-generate-antlr-parser.yaml
@@ -12,7 +12,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Build ANTLR image
@@ -26,7 +26,7 @@ jobs:
run: |
docker run --rm -u $(id -u ${USER}):$(id -g ${USER}) -v $(pwd)/pkg/parser/jsonfilter:/work -it antlr4-generator:dev
- name: Create Pull Request
- uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6
+ uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v6
with:
title: "chore(parser): updating AWS jsonfilter ANTLR generated parser"
token: ${{ secrets.KICS_BOT_PAT }}
diff --git a/.github/workflows/go-test-race.yml b/.github/workflows/go-test-race.yml
index d50a87652cf..02f74d59689 100644
--- a/.github/workflows/go-test-race.yml
+++ b/.github/workflows/go-test-race.yml
@@ -10,15 +10,15 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
with:
go-version-file: go.mod
- name: Check out code into the Go module directory
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Get cache paths
@@ -27,7 +27,7 @@ jobs:
echo "::set-output name=go-build::$(go env GOCACHE)"
echo "::set-output name=go-mod::$(go env GOMODCACHE)"
- name: Cache dependencies
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
+ uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
with:
path: ${{ steps.go-cache-paths.outputs.go-build }}
key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
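Review bot: The `Get cache paths` step just above still emits its outputs with the deprecated `::set-output` workflow command, and the bumped `actions/cache` step depends on `steps.go-cache-paths.outputs.go-build` for its `path`. Commands parsed from stdout can be emitted by anything that prints to the log, which is why the file-based mechanism replaced them; go-ci.yml already uses it for the same purpose. Here I would write `echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT"` and `echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT"`. The step's header is outside the hunk, so its `id` is assumed to be `go-cache-paths`.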
@@ -45,7 +45,7 @@ jobs:
exit $result_code
- name: Archive test logs
if: always()
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: unit-test-${{ runner.os }}-${{ github.event.pull_request.head.sha }}.log
path: unit-test.log
diff --git a/.github/workflows/kics-gh-action.yaml b/.github/workflows/kics-gh-action.yaml
index f9c17483e72..0bab89e6634 100644
--- a/.github/workflows/kics-gh-action.yaml
+++ b/.github/workflows/kics-gh-action.yaml
@@ -9,9 +9,9 @@ jobs:
kics-scan:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Run KICS Scan
- uses: checkmarx/kics-github-action@71454548efb714daa457caae25c01d64cc0be9d2 # v2.1.13
+ uses: checkmarx/kics-github-action@6b6fc1162a0f06704e4cca6e5f8e008ab20fabe5 # v2.1.16
with:
token: ${{ secrets.GITHUB_TOKEN }}
path: "./Dockerfile"
@@ -21,7 +21,7 @@ jobs:
output_formats: json,html
type: dockerfile
exclude_queries: 67fd0c4a-68cf-46d7-8c41-bc9fba7e40ae # Ignore Last User Is 'root'
- - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ - uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: results
path: ./results
diff --git a/.github/workflows/mkdocs.yml b/.github/workflows/mkdocs.yml
index 38cd8e8e116..25d0955de49 100644
--- a/.github/workflows/mkdocs.yml
+++ b/.github/workflows/mkdocs.yml
@@ -11,7 +11,7 @@ jobs:
deploy:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2
@@ -28,7 +28,7 @@ jobs:
value: https://github.com/Checkmarx/kics/actions/runs/${{ github.run_id }}"
- name: View HEAD Commit
value: https://github.com/Checkmarx/kics/commit/${{ github.sha }}
- - uses: actions/setup-python@v5
+ - uses: actions/setup-python@v6
with:
python-version: 3.x
- name: Install dependencies
diff --git a/.github/workflows/prepare-release.yaml b/.github/workflows/prepare-release.yaml
index e1af7bab05c..bc069b36004 100644
--- a/.github/workflows/prepare-release.yaml
+++ b/.github/workflows/prepare-release.yaml
@@ -11,7 +11,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout project
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Get current date
@@ -27,7 +27,7 @@ jobs:
sed -E -i "s/(
)[0-9]{4}\.[0-9]{2}\.[0-9]{2}/\1${{ steps.cdate.outputs.date }}
/" docs/index.md
sed -E -i "s/()/\1v${{ github.event.inputs.version }}\2${{ github.event.inputs.version }}\3/g" docs/index.md
- name: Create pull request
- uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6
+ uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v6
with:
title: "docs(kicsbot): preparing for release ${{ github.event.inputs.version }}"
token: ${{ secrets.KICS_BOT_PAT }}
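Review bot: The `sed` lines above the pull-request step expand `${{ github.event.inputs.version }}` directly into the shell script, so the input's text becomes part of the command line before bash parses it. Passing it through the environment keeps it as data: add an `env:` entry `VERSION: ${{ github.event.inputs.version }}` on that step and use `${VERSION}` inside the sed expressions, ideally after checking that it matches the expected version format. The step's `run:` header lies outside the hunk and the sed patterns look truncated on this page, so the exact expressions need to be checked against the file.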
diff --git a/.github/workflows/release-commits.yaml b/.github/workflows/release-commits.yaml
index e485fab5c45..43e40c53875 100644
--- a/.github/workflows/release-commits.yaml
+++ b/.github/workflows/release-commits.yaml
@@ -11,12 +11,12 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
with:
go-version-file: go.mod
- - uses: actions/setup-python@v5
+ - uses: actions/setup-python@v6
with:
python-version: "3.x"
- name: Run get release commits script
diff --git a/.github/workflows/release-dkr-image.yml b/.github/workflows/release-dkr-image.yml
index 892b0ed28fb..9d4b772e151 100644
--- a/.github/workflows/release-dkr-image.yml
+++ b/.github/workflows/release-dkr-image.yml
@@ -14,7 +14,7 @@ jobs:
DOCKER_CLI_EXPERIMENTAL: "enabled"
steps:
- name: Check out the repo
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Get Release version
@@ -36,14 +36,14 @@ jobs:
- name: View HEAD Commit
value: https://github.com/Checkmarx/kics/commit/${{ github.sha }}
- name: Set up QEMU
- uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v2
+ uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v2
with:
image: tonistiigi/binfmt:latest
platforms: linux/amd64,linux/arm64
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Login to DockerHub
- uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
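Review bot: The QEMU step pins `docker/setup-qemu-action` to a commit SHA but then has it pull `tonistiigi/binfmt:latest`, a mutable image tag that the action runs to install the emulators, in a job that goes on to log in to DockerHub with `secrets.DOCKER_USERNAME` and `secrets.DOCKER_PASSWORD`. Pinning the image by digest, `image: tonistiigi/binfmt@sha256:<digest>`, would make that input as reproducible as the action itself. The `# v2` comment was also left unchanged for the new SHA, so the exact release tag should be recorded there once verified. The same step appears in release-docker-github-actions.yaml and release-nightly.yml.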
@@ -51,7 +51,7 @@ jobs:
run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV
- name: Docker meta
id: meta
- uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+ uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
with:
images: "checkmarx/kics"
labels: |
diff --git a/.github/workflows/release-docker-github-actions.yaml b/.github/workflows/release-docker-github-actions.yaml
index 49291d67528..c9b543856b4 100644
--- a/.github/workflows/release-docker-github-actions.yaml
+++ b/.github/workflows/release-docker-github-actions.yaml
@@ -13,22 +13,22 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out the repo
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Check out the tag
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
ref: ${{ github.event.inputs.version }}
- name: Set up QEMU
- uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v2
+ uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v2
with:
image: tonistiigi/binfmt:latest
platforms: linux/amd64,linux/arm64
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Login to DockerHub
- uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
@@ -36,7 +36,7 @@ jobs:
run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV
- name: Docker meta
id: meta
- uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+ uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
with:
images: "checkmarx/kics"
labels: |
@@ -66,11 +66,11 @@ jobs:
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
labels: ${{ steps.meta.outputs.labels }}
- name: Check out the repo
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Create Pull Request
- uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6
+ uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v6
with:
title: "docs(kicsbot): update images digest"
token: ${{ secrets.KICS_BOT_PAT }}
diff --git a/.github/workflows/release-extract-info.yaml b/.github/workflows/release-extract-info.yaml
index 88bbcc19fe1..4e9dc7dfe0b 100644
--- a/.github/workflows/release-extract-info.yaml
+++ b/.github/workflows/release-extract-info.yaml
@@ -9,8 +9,8 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: actions/setup-python@v5
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ - uses: actions/setup-python@v6
with:
python-version: "3.x"
- name: Run test statistics script
@@ -19,7 +19,7 @@ jobs:
pip3 install -r .github/scripts/extract-kics-info/requirements.txt
python3 .github/scripts/extract-kics-info/extract-info.py
- name: Upload binaries to release
- uses: svenstaro/upload-release-action@81c65b7cd4de9b2570615ce3aad67a41de5b1a13 # v2.11.2
+ uses: svenstaro/upload-release-action@6b7fa9f267e90b50a19fef07b3596790bb941741 # v2.11.3
with:
repo_token: ${{ secrets.GITHUB_TOKEN }}
file: .github/scripts/extract-kics-info/extracted-info.zip
diff --git a/.github/workflows/release-kics-cxone.yaml b/.github/workflows/release-kics-cxone.yaml
index 9312ac69497..33c56a9fd5a 100644
--- a/.github/workflows/release-kics-cxone.yaml
+++ b/.github/workflows/release-kics-cxone.yaml
@@ -8,7 +8,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Set up Git credentials
run: |
diff --git a/.github/workflows/release-nightly.yml b/.github/workflows/release-nightly.yml
index 6137c8902d7..f2ac60ee629 100644
--- a/.github/workflows/release-nightly.yml
+++ b/.github/workflows/release-nightly.yml
@@ -13,7 +13,7 @@ jobs:
sha8: ${{ steps.shorthash.outputs.sha8 }}
steps:
- name: Checkout
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Check if there are new commits since last nightly
@@ -28,7 +28,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2
@@ -49,11 +49,11 @@ jobs:
- name: View HEAD Commit
value: https://github.com/Checkmarx/kics/commit/${{ github.sha }}
- name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
with:
go-version: 1.24.x
- name: Run GoReleaser
- uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
+ uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6.4.0
with:
version: v0.160.0
args: release --rm-dist --snapshot --skip-validate --config="./release/.goreleaser-nightly.yml"
@@ -128,7 +128,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out the repo
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- uses: toko-bifrost/ms-teams-deploy-card@dcc94e4ce4088b1e6b6de5c9a3cda4ddcbe97d2e # 3.1.2
if: always()
with:
@@ -147,14 +147,14 @@ jobs:
- name: View HEAD Commit
value: https://github.com/Checkmarx/kics/commit/${{ github.sha }}
- name: Set up QEMU
- uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v2
+ uses: docker/setup-qemu-action@c7c53464625b32c7a7e944ae62b3e17d2b600130 # v2
with:
image: tonistiigi/binfmt:latest
platforms: linux/amd64,linux/arm64
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Login to DockerHub
- uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
+ uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
@@ -162,7 +162,7 @@ jobs:
run: echo "CREATED_AT=$(date --rfc-3339=seconds)" >> $GITHUB_ENV
- name: Docker meta
id: meta
- uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0
+ uses: docker/metadata-action@c299e40c65443455700f0fdfc63efafe5b349051 # v5.10.0
with:
images: "checkmarx/kics"
labels: |
@@ -233,7 +233,7 @@ jobs:
DESCRIPTIONS_URL=${{ secrets.DESCRIPTIONS_URL }}
labels: ${{ steps.meta.outputs.labels }}
- name: Create Pull Request
- uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6
+ uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v6
with:
title: "docs(kicsbot): update images digest"
token: ${{ secrets.KICS_BOT_PAT }}
diff --git a/.github/workflows/sec-checks.yaml b/.github/workflows/sec-checks.yaml
index 64996fa9371..f1d9f0c17ca 100644
--- a/.github/workflows/sec-checks.yaml
+++ b/.github/workflows/sec-checks.yaml
@@ -10,9 +10,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Run Trivy vulnerability scanner in repo mode
- uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 #v 0.32.0
+ uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 #v 0.33.1
with:
scan-type: 'fs'
ignore-unfixed: true
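Review bot: This `Checkout code` step has no `with:` block, so `persist-credentials` keeps its default and the job token stays configured for git while the third-party Trivy action runs next. The Grype image job later in this file already sets `persist-credentials: false`. I would add `with:` and `persist-credentials: false` here and on the other bare checkouts in this file (the Trivy image, Grype fs and both govulncheck jobs), unless a later step needs to push. Separately, the pin comment `#v 0.33.1` is not in the `# v0.33.1` form used elsewhere, which may keep update tooling from reading the version.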
@@ -27,7 +27,7 @@ jobs:
run: cat ./results.txt
- name: Upload artifact
if: always()
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: trivy-fs-scan-results
path: ./results.txt
@@ -40,7 +40,7 @@ jobs:
kics-docker: [ "Dockerfile" ]
steps:
- name: Checkout code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1
- name: Build
@@ -59,7 +59,7 @@ jobs:
cache-from: type=local,src=/tmp/.buildx-cache
cache-to: type=local,dest=/tmp/.buildx-cache
- name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@dc5a429b52fcf669ce959baa2c2dd26090d2a6c4 #v 0.32.0
+ uses: aquasecurity/trivy-action@b6643a29fecd7f34b3597bc6acb0a98b03d33ff8 #v 0.33.1
with:
image-ref: kics:sec-trivy-tests-${{ github.sha }}
ignore-unfixed: true
@@ -75,7 +75,7 @@ jobs:
run: cat ./results.txt
- name: Upload artifact
if: always()
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: trivy-docker-image-scan-results
path: ./results.txt
@@ -84,10 +84,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Run Grype vulnerability scanner in repo mode
id: grype-fs-scan
- uses: anchore/scan-action@16910ac423301c6d30554b83a7f71ac6ff4a51f3 # v6.4.0
+ uses: anchore/scan-action@40a61b52209e9d50e87917c5b901783d546b12d0 # v7.2.1
with:
path: "."
only-fixed: true
@@ -103,7 +103,7 @@ jobs:
kics-docker: [ "Dockerfile" ]
steps:
- name: Check out code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Set up Docker Buildx
@@ -125,7 +125,7 @@ jobs:
cache-to: type=local,dest=/tmp/.buildx-cache
- name: Scan image
id: grype-image-scan
- uses: anchore/scan-action@16910ac423301c6d30554b83a7f71ac6ff4a51f3 # v6.4.0
+ uses: anchore/scan-action@40a61b52209e9d50e87917c5b901783d546b12d0 # v7.2.1
with:
image: kics:sec-tests-${{ github.sha }}
only-fixed: true
@@ -137,8 +137,8 @@ jobs:
name: govulncheck fs scan
steps:
- name: Checkout code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: actions/setup-go@v5
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ - uses: actions/setup-go@v6
with:
go-version: 'stable'
- name: Install govulncheck
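Review bot: `actions/setup-go@v6` is a mutable tag, while the other actions visible in this workflow are pinned to a full commit SHA with the version in a trailing comment. A tag can be moved to different code after review, so the pinning the rest of the file relies on does not cover this step; the line should read `- uses: actions/setup-go@<full-commit-sha> # v6.x.y`, using the SHA of the release being adopted. The same applies to the second govulncheck job below and to the `actions/setup-python@v6` and `actions/setup-node@v6` lines in the other workflows touched by this commit.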
@@ -152,7 +152,7 @@ jobs:
run: cat ./results.txt
- name: Upload artifact
if: always()
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: govulncheck-fs-scan-results
path: ./results.txt
@@ -161,8 +161,8 @@ jobs:
name: govulncheck binary scan
steps:
- name: Checkout code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- - uses: actions/setup-go@v5
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
+ - uses: actions/setup-go@v6
with:
go-version: 'stable'
- name: Build kics
@@ -178,7 +178,7 @@ jobs:
run: cat ./results.txt
- name: Upload artifact
if: always()
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: govulncheck-binary-scan-results
path: ./results.txt
@@ -189,7 +189,7 @@ jobs:
cat binary_dependencies.txt
- name: Upload artifact
if: always()
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: binary-dependencies
path: ./binary_dependencies.txt
\ No newline at end of file
diff --git a/.github/workflows/sonarcloud-scan-branch.yml b/.github/workflows/sonarcloud-scan-branch.yml
index 6306c2679d8..04b2e7e1fab 100644
--- a/.github/workflows/sonarcloud-scan-branch.yml
+++ b/.github/workflows/sonarcloud-scan-branch.yml
@@ -13,7 +13,7 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Check out the repo
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
ref: ${{ github.event.inputs.branch }}
- name: SonarCloud Scan
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
index 4561a64ad12..75f98ca730e 100644
--- a/.github/workflows/sonarcloud.yml
+++ b/.github/workflows/sonarcloud.yml
@@ -10,7 +10,7 @@ jobs:
runs-on: ubuntu-latest
if: github.repository == 'Checkmarx/kics'
steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: SonarCloud Scan
diff --git a/.github/workflows/statistics.yaml b/.github/workflows/statistics.yaml
index 6cd139801f9..4a08d8ef681 100644
--- a/.github/workflows/statistics.yaml
+++ b/.github/workflows/statistics.yaml
@@ -10,9 +10,9 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout Source
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Set up Go
- uses: actions/setup-go@v5
+ uses: actions/setup-go@v6
with:
go-version-file: go.mod
- name: Run test metrics script
@@ -28,7 +28,7 @@ jobs:
sudo apt-get install cloc
GO_LOC=$(cloc . | grep Go | grep -Eo '[0-9]+$')
echo "::set-output name=goloc::${GO_LOC}"
- - uses: actions/setup-python@v5
+ - uses: actions/setup-python@v6
with:
python-version: "3.x"
- name: Run test statistics script
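Review bot: The context line `echo "::set-output name=goloc::${GO_LOC}"` still uses the deprecated `set-output` workflow command, which passes the value through stdout, where anything else the step prints can also be parsed as a command. Writing to the output file instead, `echo "goloc=${GO_LOC}" >> "$GITHUB_OUTPUT"`, keeps the same output name for later steps. The step begins above this hunk, so its `id` is not visible here.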
diff --git a/.github/workflows/update-docs-queries.yaml b/.github/workflows/update-docs-queries.yaml
index 2f28ccb1f68..c637266b70f 100644
--- a/.github/workflows/update-docs-queries.yaml
+++ b/.github/workflows/update-docs-queries.yaml
@@ -18,10 +18,10 @@ jobs:
uses: styfle/cancel-workflow-action@85880fa0301c86cca9da44039ee3bb12d3bedbfa # 0.12.1
with:
access_token: ${{ github.token }}
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- - uses: actions/setup-python@v5
+ - uses: actions/setup-python@v6
with:
python-version: "3.x"
- name: Update docs
@@ -39,7 +39,7 @@ jobs:
--t .github/scripts/docs-generator/query-page-generator/templates/query-page-template.md \
--df
- name: Create Pull Request
- uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6
+ uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v6
with:
title: "docs(queries): update queries catalog"
token: ${{ secrets.KICS_BOT_PAT }}
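Review bot: The trailing comment stays `# v6` although the pinned SHA changes, so it no longer tells a reader which release of `peter-evans/create-pull-request` the new SHA is. This step receives `secrets.KICS_BOT_PAT`, so the pin should be easy to audit: `uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # vX.Y.Z`, with the exact tag that SHA belongs to. The same applies to the other `create-pull-request` bumps in this commit and to the `peter-evans/repository-dispatch` lines marked `# v3`.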
diff --git a/.github/workflows/update-docs-release.yaml b/.github/workflows/update-docs-release.yaml
index afa075e4dfe..797ecaf4668 100644
--- a/.github/workflows/update-docs-release.yaml
+++ b/.github/workflows/update-docs-release.yaml
@@ -16,7 +16,7 @@ jobs:
with:
access_token: ${{ github.token }}
- name: Checkout project
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Get release version
@@ -32,7 +32,7 @@ jobs:
echo "curr tag ${{ steps.version.outputs.ctag }}"
echo "prev ver ${{ steps.version.outputs.pversion }}"
echo "curr ver ${{ steps.version.outputs.cversion }}"
- - uses: actions/setup-python@v5
+ - uses: actions/setup-python@v6
with:
python-version: 3.x
- name: Install dependencies
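Review bot: The `echo` lines at the top of this hunk expand `${{ steps.version.outputs.* }}` directly inside the script, so the values become part of the script text before the shell parses it. The step that sets those outputs is outside this hunk; if they derive from tag or release names, they should be passed through an `env:` mapping and echoed as shell variables, for example `echo "curr tag $CTAG"`. The `Update install.sh` step in update-install-script.yaml interpolates `${{ steps.outputs.filter.goreleaser }}` into its `run:` line the same way.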
diff --git a/.github/workflows/update-infra-version.yaml b/.github/workflows/update-infra-version.yaml
index d5a2dd69083..0e807c50cb6 100644
--- a/.github/workflows/update-infra-version.yaml
+++ b/.github/workflows/update-infra-version.yaml
@@ -12,17 +12,17 @@ jobs:
if: "!github.event.release.prerelease"
steps:
- name: Checkout project
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Update Terraform Cloud Integration
- uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3
+ uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v3
with:
token: ${{ secrets.KICS_BOT_PAT }}
repository: ${{ secrets.TFC_REPO_PATH }}
event-type: new-release
- name: Update Infra
- uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0 # v3
+ uses: peter-evans/repository-dispatch@28959ce8df70de7be546dd1250a005dd32156697 # v3
with:
token: ${{ secrets.KICS_BOT_PAT }}
repository: ${{ secrets.INFRA_REPO }}
diff --git a/.github/workflows/update-install-script.yaml b/.github/workflows/update-install-script.yaml
index 30a8e40f1bb..bda1aa9d3ff 100644
--- a/.github/workflows/update-install-script.yaml
+++ b/.github/workflows/update-install-script.yaml
@@ -13,7 +13,7 @@ jobs:
with:
access_token: ${{ github.token }}
- name: Checkout project
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- name: Get Godownloader
@@ -30,7 +30,7 @@ jobs:
&& chmod +x godownloader \
&& rm -vf $(basename "${FULL_URL}") \
&& cd "${PROJDIR}"
- - uses: actions/setup-python@v5
+ - uses: actions/setup-python@v6
with:
python-version: "3.x"
- name: Install dependencies
@@ -50,7 +50,7 @@ jobs:
- name: Update install.sh
run: ./.bin/godownloader --repo Checkmarx/kics <(echo ${{ steps.outputs.filter.goreleaser }}) > install.sh
- name: Create Pull Request
- uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6
+ uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v6
with:
title: "chore(install): update install script"
token: ${{ secrets.KICS_BOT_PAT }}
diff --git a/.github/workflows/update_software_versions.yml b/.github/workflows/update_software_versions.yml
index 56af42fa0c2..1d3adc8cae7 100644
--- a/.github/workflows/update_software_versions.yml
+++ b/.github/workflows/update_software_versions.yml
@@ -7,10 +7,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- name: Checkout project
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 0
- - uses: actions/setup-python@v5
+ - uses: actions/setup-python@v6
with:
python-version: "3.x"
- name: Run update_versions script
@@ -25,7 +25,7 @@ jobs:
*.json
- name: Create pull request
if: steps.verify-changed-files.outputs.files_changed == 'true'
- uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e # v6
+ uses: peter-evans/create-pull-request@84ae59a2cdc2258d6fa0732dd66352dddae2a412 # v6
with:
title: "build(deps): updating software versions"
token: ${{ secrets.KICS_BOT_PAT }}
diff --git a/.github/workflows/validate-ansible-samples.yml b/.github/workflows/validate-ansible-samples.yml
index 039abd9942d..e633c64eb3c 100644
--- a/.github/workflows/validate-ansible-samples.yml
+++ b/.github/workflows/validate-ansible-samples.yml
@@ -11,7 +11,7 @@ jobs:
lint-samples:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: yaml-lint
diff --git a/.github/workflows/validate-arm-samples.yaml b/.github/workflows/validate-arm-samples.yaml
index b97cc29ad0e..c235f22fbfe 100644
--- a/.github/workflows/validate-arm-samples.yaml
+++ b/.github/workflows/validate-arm-samples.yaml
@@ -9,10 +9,10 @@ jobs:
lint-json-samples:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- - uses: actions/setup-node@v4
+ - uses: actions/setup-node@v6
with:
node-version: "20"
- name: Installing jsonlint
diff --git a/.github/workflows/validate-cfn-samples.yml b/.github/workflows/validate-cfn-samples.yml
index 0a57f76a190..f6a43fd48b0 100644
--- a/.github/workflows/validate-cfn-samples.yml
+++ b/.github/workflows/validate-cfn-samples.yml
@@ -11,10 +11,10 @@ jobs:
validate-cfn-syntax:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- - uses: actions/setup-python@v5
+ - uses: actions/setup-python@v6
with:
python-version: '3.x'
- name: Get commit changed files
diff --git a/.github/workflows/validate-dkr-samples.yml b/.github/workflows/validate-dkr-samples.yml
index fe233ce9578..231031d2b56 100644
--- a/.github/workflows/validate-dkr-samples.yml
+++ b/.github/workflows/validate-dkr-samples.yml
@@ -9,7 +9,7 @@ jobs:
validate-dockerfile-syntax:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Get Hadolint
diff --git a/.github/workflows/validate-issues.yaml b/.github/workflows/validate-issues.yaml
index 976f03c4f50..0fda1ba6fc5 100644
--- a/.github/workflows/validate-issues.yaml
+++ b/.github/workflows/validate-issues.yaml
@@ -10,7 +10,7 @@ jobs:
TITLE: ${{ github.event.issue.title }}
steps:
- name: Checkout code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
sparse-checkout: |
@@ -18,7 +18,7 @@ jobs:
.github/scripts/pr-issue-info/get_title_types.py
.github/issue-title-types.yaml
- name: Set up Python
- uses: actions/setup-python@v5
+ uses: actions/setup-python@v6
with:
python-version: "3.x"
- name: Install dependencies
@@ -69,7 +69,7 @@ jobs:
TITLE: ${{ github.event.issue.title }}
steps:
- name: Checkout code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
sparse-checkout: |
@@ -138,7 +138,7 @@ jobs:
fi
fi
- name: Set up Python
- uses: actions/setup-python@v5
+ uses: actions/setup-python@v6
with:
python-version: "3.x"
- name: Install dependencies
diff --git a/.github/workflows/validate-k8s-samples.yml b/.github/workflows/validate-k8s-samples.yml
index 68901309a7c..9fce2fc976a 100644
--- a/.github/workflows/validate-k8s-samples.yml
+++ b/.github/workflows/validate-k8s-samples.yml
@@ -10,7 +10,7 @@ jobs:
validate-k8s-manifests:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Get Kubeval
diff --git a/.github/workflows/validate-openapi-samples.yaml b/.github/workflows/validate-openapi-samples.yaml
index e6c68a0d0d8..ce2faadc11d 100644
--- a/.github/workflows/validate-openapi-samples.yaml
+++ b/.github/workflows/validate-openapi-samples.yaml
@@ -10,7 +10,7 @@ jobs:
lint-yaml-samples:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: yaml-lint
@@ -22,10 +22,10 @@ jobs:
lint-json-samples:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- - uses: actions/setup-node@v4
+ - uses: actions/setup-node@v6
with:
node-version: '20'
- name: Installing jsonlint
diff --git a/.github/workflows/validate-prs.yaml b/.github/workflows/validate-prs.yaml
index 6eb7c990000..ffac2e1fbb0 100644
--- a/.github/workflows/validate-prs.yaml
+++ b/.github/workflows/validate-prs.yaml
@@ -12,7 +12,7 @@ jobs:
TITLE: ${{ github.event.pull_request.title }}
steps:
- name: Checkout code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
sparse-checkout: |
@@ -22,7 +22,7 @@ jobs:
- name: Print PR Title
run: echo "$TITLE"
- name: Set up Python
- uses: actions/setup-python@v5
+ uses: actions/setup-python@v6
with:
python-version: "3.x"
- name: Install dependencies
@@ -73,7 +73,7 @@ jobs:
TITLE: ${{ github.event.pull_request.title }}
steps:
- name: Checkout code
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
sparse-checkout: |
@@ -153,7 +153,7 @@ jobs:
fi
fi
- name: Set up Python
- uses: actions/setup-python@v5
+ uses: actions/setup-python@v6
with:
python-version: "3.x"
- name: Install dependencies
diff --git a/.github/workflows/validate-queries-metadata.yml b/.github/workflows/validate-queries-metadata.yml
index 9326728de38..326bfc6b1ef 100644
--- a/.github/workflows/validate-queries-metadata.yml
+++ b/.github/workflows/validate-queries-metadata.yml
@@ -9,7 +9,7 @@ jobs:
validate-metadata:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Run queries metadata validation script
diff --git a/.github/workflows/validate-tf-samples.yml b/.github/workflows/validate-tf-samples.yml
index f5d6119a575..f206cd677e4 100644
--- a/.github/workflows/validate-tf-samples.yml
+++ b/.github/workflows/validate-tf-samples.yml
@@ -9,7 +9,7 @@ jobs:
lint-samples:
runs-on: ubuntu-latest
steps:
- - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
persist-credentials: false
- name: Get tflint