diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml
index d91c1baac..2ef4bcf63 100644
--- a/.github/workflows/vulnerability-scan.yaml
+++ b/.github/workflows/vulnerability-scan.yaml
@@ -43,7 +43,7 @@ jobs:
 
       - if: ${{ always() && steps.database-restore.outputs.cache-hit != 'true' }}
         name: Install Grype
-        uses: anchore/scan-action/download-grype@1638637db639e0ade3258b51db49a9a137574c3e # v6.5.1
+        uses: anchore/scan-action/download-grype@40a61b52209e9d50e87917c5b901783d546b12d0 # v7.2.1
         id: grype
 
       - if: ${{ always() && steps.database-restore.outputs.cache-hit != 'true' }}
@@ -82,7 +82,7 @@ jobs:
           path: ~/.cache/grype/db
 
       - name: Scan
-        uses: anchore/scan-action@1638637db639e0ade3258b51db49a9a137574c3e # v6.5.1
+        uses: anchore/scan-action@40a61b52209e9d50e87917c5b901783d546b12d0 # v7.2.1
         id: scan
         with:
           fail-build: false