diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 3328bf52c1..ae2dffd4db 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -87,3 +87,8 @@ updates:
     directory: /service/ossse
     schedule:
       interval: daily
+
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: daily
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml
index 18fd9c3ef0..3ad65000a4 100644
--- a/.github/workflows/scorecard.yml
+++ b/.github/workflows/scorecard.yml
@@ -41,7 +41,7 @@ jobs:
           path: results.sarif
           retention-days: 5
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v3
+        uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10
         with:
           # Path to SARIF file relative to the root of the repository
           sarif_file: results.sarif