diff --git a/.github/workflows/create_tags.yml b/.github/workflows/create_tags.yml
index adacacb..8b910bb 100644
--- a/.github/workflows/create_tags.yml
+++ b/.github/workflows/create_tags.yml
@@ -11,7 +11,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           fetch-depth: '0'
       - uses: robinraju/release-downloader@d6de084c58345d09b017e22701dbcf26977cfd14 # v1.6
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
index 184e752..c7bf88c 100644
--- a/.github/workflows/macos.yml
+++ b/.github/workflows/macos.yml
@@ -12,7 +12,7 @@ jobs:
   macOS-minimal:
     runs-on: macos-latest
     steps:
-    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
     #- uses: eessi/github-action-eessi@main
     #  with:
     #    eessi_config_package: 'https://github.com/EESSI/filesystem-layer/releases/download/v0.3.0/cvmfs-config-eessi-0.3.0.pkg'
diff --git a/.github/workflows/minimal-usage.yml b/.github/workflows/minimal-usage.yml
index 5546e04..a0be8ca 100644
--- a/.github/workflows/minimal-usage.yml
+++ b/.github/workflows/minimal-usage.yml
@@ -12,7 +12,7 @@ jobs:
   minimal_usage:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
     - uses: ./
     - name: Test EESSI
       run: |
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index ec018bd..e97156f 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -4,17 +4,12 @@
 
 name: Scorecards supply-chain security
 on:
-  # For Branch-Protection check. Only the default branch is supported. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
-  branch_protection_rule:
   # To guarantee Maintained check is occasionally updated. See
   # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
   schedule:
     - cron: '25 15 * * 3'
   push:
-    branches: [ "main" ]
-  pull_request:
-    branches:    
+    branches:
       - main
 
 # Declare default permissions as read only.
@@ -22,6 +17,7 @@ permissions: read-all
 
 jobs:
   analysis:
+    if: github.repository_owner == 'EESSI'   # Prevent running on forks
     name: Scorecards analysis
     runs-on: ubuntu-latest
     permissions:
@@ -35,12 +31,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -62,7 +58,7 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: SARIF file
           path: results.sarif
@@ -70,6 +66,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.27
+        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
         with:
           sarif_file: results.sarif
diff --git a/.github/workflows/tensorflow-usage.yml b/.github/workflows/tensorflow-usage.yml
index 02029f9..afacfe4 100644
--- a/.github/workflows/tensorflow-usage.yml
+++ b/.github/workflows/tensorflow-usage.yml
@@ -9,7 +9,7 @@ jobs:
   tensorflow_usage:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
     - uses: eessi/github-action-eessi@main
       with:
         eessi_stack_version: '2023.06'
diff --git a/action.yml b/action.yml
index 7002ff7..f0f9f51 100644
--- a/action.yml
+++ b/action.yml
@@ -16,7 +16,7 @@ runs:
       with:
         cvmfs_config_package: https://github.com/EESSI/filesystem-layer/releases/download/latest/cvmfs-config-eessi_latest_all.deb
         cvmfs_http_proxy: DIRECT
-        cvmfs_repositories: software.eessi.io
+        cvmfs_repositories: software.eessi.io,dev.eessi.io
     - id: install-eessi
       run: |
         echo "EESSI_SILENT=1" >> $GITHUB_ENV