diff --git a/.github/actions/bootstrap/action.yml b/.github/actions/bootstrap/action.yml
index 89acba5a..f0c3f342 100644
--- a/.github/actions/bootstrap/action.yml
+++ b/.github/actions/bootstrap/action.yml
@@ -12,7 +12,7 @@ runs:
   using: "composite"
   steps:
 
-    - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5
+    - uses: actions/setup-go@v5
       with:
         go-version-file: 'go.mod'
 
@@ -28,4 +28,4 @@ runs:
     # See https://goreleaser.com/blog/supply-chain-security/
     - name: installs syft for generating the SBOM with goreleaser
       if: "${{ inputs.goreleaser == 'true' }}"
-      uses: anchore/sbom-action/download-syft@7b36ad622f042cab6f59a75c2ac24ccb256e9b45 # v0.20.4
+      uses: anchore/sbom-action/download-syft@da167eac915b4e86f08b264dbdbc867b61be6f0c # v0.20.5
diff --git a/.github/workflows/dependabot-pr.yml b/.github/workflows/dependabot-pr.yml
index 4c46d86b..7ab7773d 100644
--- a/.github/workflows/dependabot-pr.yml
+++ b/.github/workflows/dependabot-pr.yml
@@ -19,7 +19,7 @@ jobs:
       contents: write
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      - uses: actions/checkout@v5
 
       - name: Bootstrap Action Workspace
         uses: ./.github/actions/bootstrap
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 074375ce..a3cfffba 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -20,11 +20,11 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      - uses: actions/checkout@v5
         with:
           fetch-depth: 0
 
-      - uses: elastic/oblt-actions/aws/auth@476391c0e6815110ce488b8b09c80ed61848a28a # v1
+      - uses: elastic/oblt-actions/aws/auth@v1
         with:
           aws-account-id: "267093732750"
 
@@ -53,7 +53,7 @@ jobs:
         run: make release
 
       # Store artifacts to help with troubleshooting
-      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+      - uses: actions/upload-artifact@v4
         if: always()
         with:
           name: release
@@ -61,7 +61,7 @@ jobs:
           retention-days: 5
 
       - name: generate build provenance (binaries)
-        uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be  # v2.4.0
+        uses: actions/attest-build-provenance@v3
         with:
           subject-path: "${{ github.workspace }}/dist/*.*"
 
@@ -71,13 +71,13 @@ jobs:
         run: .ci/get-docker-provenance.sh
 
       - name: generate build provenance (containers x86_64)
-        uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be  # v2.4.0
+        uses: actions/attest-build-provenance@v3
         with:
           subject-name: ${{ steps.image.outputs.name_1 }}
           subject-digest: ${{ steps.image.outputs.digest_1 }}
 
       - name: generate build provenance (containers arm64)
-        uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be  # v2.4.0
+        uses: actions/attest-build-provenance@v3
         with:
           subject-name: ${{ steps.image.outputs.name_2 }}
           subject-digest: ${{ steps.image.outputs.digest_2 }}
@@ -89,7 +89,7 @@ jobs:
           VERSION: ${{ github.ref_name }}
 
       - if: ${{ success() }}
-        uses: elastic/oblt-actions/slack/send@476391c0e6815110ce488b8b09c80ed61848a28a # v1
+        uses: elastic/oblt-actions/slack/send@v1
         with:
           bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
           channel-id: "#apm-aws-lambda"
@@ -98,7 +98,7 @@ jobs:
             Build: (<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|here>)
 
       - if: ${{ failure() }}
-        uses: elastic/oblt-actions/slack/send@476391c0e6815110ce488b8b09c80ed61848a28a # v1
+        uses: elastic/oblt-actions/slack/send@v1
         with:
           bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
           channel-id: "#apm-aws-lambda"
diff --git a/.github/workflows/smoke-tests.yml b/.github/workflows/smoke-tests.yml
index 6ecefaff..729bec82 100644
--- a/.github/workflows/smoke-tests.yml
+++ b/.github/workflows/smoke-tests.yml
@@ -34,7 +34,7 @@ jobs:
       contents: read
       id-token: write
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      - uses: actions/checkout@v5
       - name: Bootstrap Action Workspace
         uses: ./.github/actions/bootstrap
         with:
@@ -42,8 +42,8 @@ jobs:
       - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # v3
         with:
           terraform_version: 1.2.3
-      - uses: elastic/oblt-actions/aws/auth@476391c0e6815110ce488b8b09c80ed61848a28a # v1
-      - uses: elastic/oblt-actions/google/auth@476391c0e6815110ce488b8b09c80ed61848a28a # v1
+      - uses: elastic/oblt-actions/aws/auth@v1
+      - uses: elastic/oblt-actions/google/auth@v1
       - uses: google-github-actions/get-secretmanager-secrets@50ec04d56ddf2740b0bde82926cc742f90e06d2b # v2.2.4
         with:
           export_to_environment: true
@@ -67,7 +67,7 @@ jobs:
         run: make smoketest/cleanup
 
       - if: always()
-        uses: elastic/oblt-actions/slack/notify-result@476391c0e6815110ce488b8b09c80ed61848a28a # v1
+        uses: elastic/oblt-actions/slack/notify-result@v1
         with:
           bot-token: ${{ secrets.SLACK_BOT_TOKEN }}
           channel-id: "#apm-aws-lambda"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 32180c01..7b715bc1 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -33,7 +33,7 @@ jobs:
           - "macos-latest"
     runs-on: ${{ matrix.platform }}
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      - uses: actions/checkout@v5
       - name: Bootstrap Action Workspace
         uses: ./.github/actions/bootstrap
       - name: Test
@@ -41,7 +41,7 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      - uses: actions/checkout@v5
 
       - name: Bootstrap Action Workspace
         uses: ./.github/actions/bootstrap
@@ -51,7 +51,7 @@ jobs:
       - name: Build
         run: make dist
 
-      - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4
+      - uses: actions/upload-artifact@v4
         if: always()
         with:
           name: snapshots
@@ -61,7 +61,7 @@ jobs:
   lint:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      - uses: actions/checkout@v5
       - name: Bootstrap Action Workspace
         uses: ./.github/actions/bootstrap
       - run: make lint-prep
@@ -70,7 +70,7 @@ jobs:
   notice:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+      - uses: actions/checkout@v5
       - name: Bootstrap Action Workspace
         uses: ./.github/actions/bootstrap
       - name: notice
@@ -88,7 +88,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - id: check
-        uses: elastic/oblt-actions/check-dependent-jobs@476391c0e6815110ce488b8b09c80ed61848a28a # v1
+        uses: elastic/oblt-actions/check-dependent-jobs@v1
         with:
           jobs: ${{ toJSON(needs) }}
       - run: ${{ steps.check.outputs.is-success }}