diff --git a/security-actions/sca/action.yml b/security-actions/sca/action.yml
index ba170e9e0..7522746ef 100644
--- a/security-actions/sca/action.yml
+++ b/security-actions/sca/action.yml
@@ -98,7 +98,7 @@ runs:
 
     # Must upload artifact for output file parameter to have effect
     - name: Generate SPDX SBOM Using Syft
-      uses: anchore/sbom-action@da167eac915b4e86f08b264dbdbc867b61be6f0c # v0.20.5
+      uses: anchore/sbom-action@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6
       id: sbom_spdx
       with:
         config: ${{ inputs.config }}
@@ -113,7 +113,7 @@ runs:
         github-token: ${{ inputs.github-token }}
 
     - name: Generate CycloneDX SBOM Using Syft
-      uses: anchore/sbom-action@da167eac915b4e86f08b264dbdbc867b61be6f0c # v0.20.5
+      uses: anchore/sbom-action@f8bdd1d8ac5e901a77a92f111440fdb1b593736b # v0.20.6
       id: sbom_cyclonedx
       with:
         config: ${{ inputs.config }}