diff --git a/.github/workflows/scan.yml b/.github/workflows/scan.yml
index ffad4a8..3241946 100644
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@@ -20,7 +20,7 @@ jobs:
       # NOTE: Scan first without failing, else we won't be able to read the scan
       # report.
       - name: Scan container image (no fail)
-        uses: anchore/scan-action@v3
+        uses: anchore/scan-action@v4
         id: scan_container
         with:
           image: "dangerzone.rocks/dangerzone:latest"
@@ -35,7 +35,7 @@ jobs:
       - name: Inspect container scan report
         run: cat ${{ steps.scan_container.outputs.sarif }}
       - name: Scan container image
-        uses: anchore/scan-action@v3
+        uses: anchore/scan-action@v4
         with:
           image: "dangerzone.rocks/dangerzone:latest"
           fail-build: true
@@ -50,7 +50,7 @@ jobs:
       # NOTE: Scan first without failing, else we won't be able to read the scan
       # report.
       - name: Scan application (no fail)
-        uses: anchore/scan-action@v3
+        uses: anchore/scan-action@v4
         id: scan_app
         with:
           path: "."
@@ -65,7 +65,7 @@ jobs:
       - name: Inspect application scan report
         run: cat ${{ steps.scan_app.outputs.sarif }}
       - name: Scan application
-        uses: anchore/scan-action@v3
+        uses: anchore/scan-action@v4
         with:
           path: "."
           fail-build: true
diff --git a/.github/workflows/scan_released.yml b/.github/workflows/scan_released.yml
index 703192d..4b6b476 100644
--- a/.github/workflows/scan_released.yml
+++ b/.github/workflows/scan_released.yml
@@ -19,7 +19,7 @@ jobs:
       # NOTE: Scan first without failing, else we won't be able to read the scan
       # report.
       - name: Scan container image (no fail)
-        uses: anchore/scan-action@v3
+        uses: anchore/scan-action@v4
         id: scan_container
         with:
           image: "dangerzone.rocks/dangerzone:latest"
@@ -34,7 +34,7 @@ jobs:
       - name: Inspect container scan report
         run: cat ${{ steps.scan_container.outputs.sarif }}
       - name: Scan container image
-        uses: anchore/scan-action@v3
+        uses: anchore/scan-action@v4
         with:
           image: "dangerzone.rocks/dangerzone:latest"
           fail-build: true
@@ -55,7 +55,7 @@ jobs:
       # NOTE: Scan first without failing, else we won't be able to read the scan
       # report.
       - name: Scan application (no fail)
-        uses: anchore/scan-action@v3
+        uses: anchore/scan-action@v4
         id: scan_app
         with:
           path: "."
@@ -70,7 +70,7 @@ jobs:
       - name: Inspect application scan report
         run: cat ${{ steps.scan_app.outputs.sarif }}
       - name: Scan application
-        uses: anchore/scan-action@v3
+        uses: anchore/scan-action@v4
         with:
           path: "."
           fail-build: true