diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 1aaaa4a..ad7d502 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -110,21 +110,21 @@ jobs:
           subject-path: ${{ env.PACKAGE_FILE }}
           
       - name: Generate SPDX JSON SBOM
-        uses: anchore/sbom-action@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6
+        uses: anchore/sbom-action@aa0e114b2e19480f157109b9922bda359bd98b90 # v0.20.8
         with:
           path: .
           format: 'spdx-json'
           output-file: 'create-claude-${{ env.VERSION }}.sbom.spdx.json'
           
       - name: Generate CycloneDX JSON SBOM
-        uses: anchore/sbom-action@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6
+        uses: anchore/sbom-action@aa0e114b2e19480f157109b9922bda359bd98b90 # v0.20.8
         with:
           path: .
           format: 'cyclonedx-json'
           output-file: 'create-claude-${{ env.VERSION }}.sbom.cyclonedx.json'
           
       - name: Generate CycloneDX XML SBOM
-        uses: anchore/sbom-action@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6
+        uses: anchore/sbom-action@aa0e114b2e19480f157109b9922bda359bd98b90 # v0.20.8
         with:
           path: .
           format: 'cyclonedx-xml'