diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
index 7658b0fe..1e00e49e 100644
--- a/.github/workflows/codeql.yaml
+++ b/.github/workflows/codeql.yaml
@@ -34,11 +34,11 @@ jobs:
           check-latest: true
           go-version: 1.25.2
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
+        uses: github/codeql-action/init@v4
         with:
           languages: go
           queries: security-extended
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v3
+        uses: github/codeql-action/autobuild@v4
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+        uses: github/codeql-action/analyze@v4
diff --git a/internal/core/constants.go b/internal/core/constants.go
index 678baf34..bcbd3049 100644
--- a/internal/core/constants.go
+++ b/internal/core/constants.go
@@ -36,9 +36,9 @@ const (
 	DockerQemuAction      = "docker/setup-qemu-action@v3"
 	DockerBuildPushAction = "docker/build-push-action@v6"
 
-	CodeqlInitAction      = "github/codeql-action/init@v3"
-	CodeqlAnalyzeAction   = "github/codeql-action/analyze@v3"
-	CodeqlAutobuildAction = "github/codeql-action/autobuild@v3"
+	CodeqlInitAction      = "github/codeql-action/init@v4"
+	CodeqlAnalyzeAction   = "github/codeql-action/analyze@v4"
+	CodeqlAutobuildAction = "github/codeql-action/autobuild@v4"
 
 	DownloadSyftAction     = "anchore/sbom-action/download-syft@v0"
 	GoCoverageReportAction = "fgrosse/go-coverage-report@v1.2.0"