diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index b2a0ba7a47c75a2a79bb5d0c7e4b16c2056d8954..d9e845ce02804b80013219c7e1d1e1a4a16132a2 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -50,6 +50,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: 'Upload to code-scanning'
-        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        uses: github/codeql-action/upload-sarif@6a28655e3dcb49cb0840ea372fd6d17733edd8a4 # v2.21.8
         with:
           sarif_file: results.sarif