diff --git a/.github/workflows/e2e-build-images.yaml b/.github/workflows/e2e-build-images.yaml
index 7c05432bb..7b04c749e 100644
--- a/.github/workflows/e2e-build-images.yaml
+++ b/.github/workflows/e2e-build-images.yaml
@@ -79,7 +79,7 @@ jobs:
       - uses: azure/login@v2
         with:
           creds: ${{ secrets.AZURE_CREDENTIALS }}
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with:
           go-version-file: go.mod
diff --git a/.github/workflows/e2e-tests.yaml b/.github/workflows/e2e-tests.yaml
index 8c1113227..6e89fe938 100644
--- a/.github/workflows/e2e-tests.yaml
+++ b/.github/workflows/e2e-tests.yaml
@@ -41,7 +41,7 @@ jobs:
       - uses: azure/login@v2
         with:
           creds: ${{ secrets.AZURE_CREDENTIALS }}
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           repository: ${{ inputs.repository || github.repository }}
           ref: ${{ inputs.branch || github.ref }}
@@ -102,7 +102,7 @@ jobs:
       - uses: azure/login@v2
         with:
           creds: ${{ secrets.AZURE_CREDENTIALS }}
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           repository: ${{ inputs.repository || github.repository }}
           ref: ${{ inputs.branch || github.ref }}
diff --git a/.github/workflows/patch-vendored-samba.yaml b/.github/workflows/patch-vendored-samba.yaml
index 511d35767..35ee534a9 100644
--- a/.github/workflows/patch-vendored-samba.yaml
+++ b/.github/workflows/patch-vendored-samba.yaml
@@ -23,9 +23,9 @@ jobs:
       changed: ${{ steps.compute-diff.outputs.changed }}
       samba-ref: ${{ steps.compute-diff.outputs.samba-ref }}
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Checkout Samba files
-        uses: actions/checkout@v5
+        uses: actions/checkout@v6
         with:
           repository: samba-team/samba
           sparse-checkout: ${{ env.checkout_files }}
@@ -56,7 +56,7 @@ jobs:
     needs: check-for-changes
     if: ${{ needs.check-for-changes.outputs.changed == 'true' }}
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Replace with updated Samba source
         uses: actions/download-artifact@v6
         with:
diff --git a/.github/workflows/policy-builds.yaml b/.github/workflows/policy-builds.yaml
index e5fed48d8..824cce578 100644
--- a/.github/workflows/policy-builds.yaml
+++ b/.github/workflows/policy-builds.yaml
@@ -19,7 +19,7 @@ jobs:
     name: Build admxgen static binary
     runs-on: ${{ vars.RUNNER }}
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with:
           go-version-file: go.mod
@@ -222,7 +222,7 @@ jobs:
       - generate-ad
       - generate-doc
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Download adm template files for "all"
         uses: actions/download-artifact@v6
         with:
@@ -262,7 +262,7 @@ jobs:
     needs: integrate
     if: ${{ failure() }}
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Create issue if build failed
         uses: JasonEtco/create-an-issue@v2
         env:
diff --git a/.github/workflows/qa.yaml b/.github/workflows/qa.yaml
index 8f47a3f14..02a0e8c9f 100644
--- a/.github/workflows/qa.yaml
+++ b/.github/workflows/qa.yaml
@@ -32,7 +32,7 @@ jobs:
           sudo DEBIAN_FRONTEND=noninteractive apt-get install -y ${{ env.apt_dependencies }}
       - name: work around permission issue with git vulnerability (we are local here). TO REMOVE
         run: git config --global --add safe.directory /__w/adsys/adsys
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Go code sanity check
         uses: canonical/desktop-engineering/gh-actions/go/code-sanity@v2
         with:
@@ -53,7 +53,7 @@ jobs:
     name: Tests
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with:
           go-version-file: go.mod
@@ -120,7 +120,7 @@ jobs:
     env:
       packages: ./internal/loghooks ./internal/watchdservice ./internal/watchdtui ./internal/watcher ./internal/config/watchd ./cmd/adwatchd ./cmd/adwatchd/integration_tests
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
       - uses: actions/setup-go@v6
diff --git a/.github/workflows/tics-report-daily.yaml b/.github/workflows/tics-report-daily.yaml
index 5981d45aa..908822260 100644
--- a/.github/workflows/tics-report-daily.yaml
+++ b/.github/workflows/tics-report-daily.yaml
@@ -20,7 +20,7 @@ jobs:
     name: TIOBE TiCS Framework
     runs-on: ${{ vars.RUNNER }}
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with:
           go-version-file: go.mod