diff --git a/.github/workflows/openssf.yml b/.github/workflows/openssf.yml
index 773ae3399..b8ba6e247 100644
--- a/.github/workflows/openssf.yml
+++ b/.github/workflows/openssf.yml
@@ -18,12 +18,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@a12a3943b4bdde767164f792f33f40b04645d846 # tag=v3.0.0
+        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@80e868c13c90f172d68d1f4501dee99e2479f7af # v2.1.3
+        uses: ossf/scorecard-action@08b4669551908b1024bb425080c797723083c031 # v2.2.0
         with:
           results_file: results.sarif
           results_format: sarif
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
index 7f757a77d..3a135c057 100644
--- a/.github/workflows/sbom.yml
+++ b/.github/workflows/sbom.yml
@@ -24,10 +24,10 @@ jobs:
         uses: sigstore/cosign-installer@6e04d228eb30da1757ee4e1dd75a0ec73a653e06 # v3
 
       - name: Install the syft command
-        uses: kubewarden/github-actions/syft-installer@00836d4962f80890a32cca1dd324d2ebafc4e29c # v3.1.5
+        uses: kubewarden/github-actions/syft-installer@0b73198f5d655ef4ad84e423f8047044ed73fd4b # v3.1.9
 
       - name: Install the crane command
-        uses: kubewarden/github-actions/crane-installer@00836d4962f80890a32cca1dd324d2ebafc4e29c # v3.1.5
+        uses: kubewarden/github-actions/crane-installer@0b73198f5d655ef4ad84e423f8047044ed73fd4b # v3.1.9
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@465a07811f14bebb1938fbed4728c6a1ff8901fc # v2
diff --git a/Dockerfile b/Dockerfile
index 8844e70be..4b7b57299 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.19 as builder
+FROM golang:1.21@sha256:b490ae1f0ece153648dd3c5d25be59a63f966b5f9e1311245c947de4506981aa as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests
diff --git a/go.mod b/go.mod
index 8a5eb24f9..c7b9154a4 100644
--- a/go.mod
+++ b/go.mod
@@ -6,17 +6,17 @@ require (
 	github.com/ereslibre/kube-webhook-wrapper v0.0.2
 	github.com/go-logr/logr v1.2.4
 	github.com/google/go-cmp v0.5.9
-	github.com/onsi/ginkgo/v2 v2.9.2
-	github.com/onsi/gomega v1.27.4
+	github.com/onsi/ginkgo/v2 v2.12.0
+	github.com/onsi/gomega v1.27.10
 	github.com/pkg/errors v0.9.1
-	go.opentelemetry.io/otel v1.14.0
-	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.37.0
-	go.opentelemetry.io/otel/metric v0.37.0
-	go.opentelemetry.io/otel/sdk/metric v0.37.0
-	k8s.io/api v0.26.1
-	k8s.io/apimachinery v0.26.1
+	go.opentelemetry.io/otel v1.17.0
+	go.opentelemetry.io/otel/exporters/otlp/otlpmetric/otlpmetricgrpc v0.40.0
+	go.opentelemetry.io/otel/metric v0.38.1
+	go.opentelemetry.io/otel/sdk/metric v0.40.0
+	k8s.io/api v0.28.1
+	k8s.io/apimachinery v0.28.1
 	k8s.io/client-go v0.26.1
-	sigs.k8s.io/controller-runtime v0.14.6
+	sigs.k8s.io/controller-runtime v0.16.1
 )
 
 require (