diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
index 6e6d326a1c..845226a9fd 100644
--- a/.github/workflows/push.yml
+++ b/.github/workflows/push.yml
@@ -60,7 +60,7 @@ jobs:
 
       - name: Build and push ${{ github.repository }}
         if: ${{ env.IMAGE_EXISTS == 0 }}
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           build-args: |
             SC_THEME_BUILD=${{ matrix.tenants }}
@@ -141,7 +141,7 @@ jobs:
         security-events: write
     steps:
       - name: run trivy vulnerability scanner
-        uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2
+        uses: aquasecurity/trivy-action@0.29.0
         with:
           image-ref: 'ghcr.io/${{ github.repository }}-default:${{ needs.branch_meta.outputs.sha }}'
           format: 'sarif'
diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
index a6b03be425..bc342441ce 100644
--- a/.github/workflows/tag.yml
+++ b/.github/workflows/tag.yml
@@ -42,7 +42,7 @@ jobs:
             password: ${{ secrets.QUAY_TOKEN }}
 
       - name: Build and push ${{ github.repository }}
-        uses: docker/build-push-action@v5
+        uses: docker/build-push-action@v6
         with:
           build-args: |
             SC_THEME_BUILD=${{ matrix.tenants }}
@@ -64,13 +64,13 @@ jobs:
           contents: write
       steps:
           - name: create sbom
-            uses: aquasecurity/trivy-action@1f6384b6ceecbbc6673526f865b818a2a06b07c9
+            uses: aquasecurity/trivy-action@0.29.0
             with:
                 scan-type: 'image'
                 format: 'cyclonedx'
                 image-ref: 'docker.io/schulcloud/schulcloud-client-default:${{ github.ref_name }}'
                 output: 'dependency-results.sbom.json'
           - name: create release
-            uses: softprops/action-gh-release@v1
+            uses: softprops/action-gh-release@v2
             with:
                 files: dependency-results.sbom.json