diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index e0871f9..5e562fb 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -9,3 +9,8 @@ updates:
     directory: "/" # Location of package manifests
     schedule:
       interval: "weekly"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
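Review bot: The new `github-actions` entry leaves `directory: "/"` unexplained, while the entry above carries a comment; for this ecosystem `/` makes Dependabot scan `.github/workflows`, so I would write `directory: "/" # Dependabot scans .github/workflows for this ecosystem`. Separately, the refs this entry will maintain are mutable tags, for example `github/codeql-action/upload-sarif@v3` in go-test-gosec.yml in this same commit. Pinning each `uses:` to a full commit SHA with the tag in a trailing comment would make the weekly PRs move a reviewed, immutable ref, and Dependabot can update SHA pins as well. The start of the `updates:` list is outside the hunk, so I cannot tell whether other entries need the same treatment.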
diff --git a/.github/workflows/go-test-gosec.yml b/.github/workflows/go-test-gosec.yml
index df167b7..279de7c 100644
--- a/.github/workflows/go-test-gosec.yml
+++ b/.github/workflows/go-test-gosec.yml
@@ -21,7 +21,7 @@ jobs:
           # we let the report trigger content trigger a failure using the GitHub Security features.
           args: '-no-fail -fmt sarif -out results.sarif ./...'
       - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           # Path to SARIF file relative to the root of the repository
           sarif_file: results.sarif