diff --git a/.github/actions/attack/action.yml b/.github/actions/attack/action.yml
index d86f688..2d60ca3 100644
--- a/.github/actions/attack/action.yml
+++ b/.github/actions/attack/action.yml
@@ -79,7 +79,7 @@ runs:
       #   with:
       #     sarif_file: snyk-container.sarif # :FIXME: <-- this is broken, post-process
     - name: Upload vulner report to GitHub Code Scanning
-      uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3
+      uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3
       with:
         sarif_file: nmap-reports/vulners/vulners-report.sarif
 #