diff --git a/.github/workflows/blackduck_scan_scheduled.yaml b/.github/workflows/blackduck_scan_scheduled.yaml
index 3af97f7..78ac406 100644
--- a/.github/workflows/blackduck_scan_scheduled.yaml
+++ b/.github/workflows/blackduck_scan_scheduled.yaml
@@ -1,7 +1,8 @@
 name: Blackduck Scan Cronjob
 on:
   schedule:
-    - cron:  '30 1 * * 0'
+    - cron:  '0 4 * * 1'
+  workflow_dispatch:
   
 permissions:
   checks: write
@@ -13,22 +14,15 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v4
 
-      - name: Set up Java 17
-        uses: actions/setup-java@v4
-        with:
-          java-version: '17'
-          distribution: 'temurin'
-          
       - name: Blackduck Full Scan
-        uses: mercedesbenzio/detect-action@v1
+        uses: blackduck-inc/black-duck-security-scan@805cbd09e806b01907bbea0f990723c2bb85abe9
         env:
           DETECT_PROJECT_USER_GROUPS: opencomponentmodel
           DETECT_PROJECT_VERSION_DISTRIBUTION: SAAS
           DETECT_SOURCE_PATH: ./
           NODE_TLS_REJECT_UNAUTHORIZED: true
         with:
-          scan-mode: INTELLIGENT
-          github-token: ${{ secrets.GITHUB_TOKEN }}
-          blackduck-url: ${{ secrets.BLACKDUCK_URL }}
-          blackduck-api-token: ${{ secrets.BLACKDUCK_API_TOKEN }}
-          detect-version: 8.8.0
+          github_token: ${{ secrets.GITHUB_TOKEN }}
+          blackducksca_url: ${{ secrets.BLACKDUCK_URL }}
+          blackducksca_token: ${{ secrets.BLACKDUCK_API_TOKEN }}
+          blackducksca_scan_full: true
diff --git a/.github/workflows/check-manifest-generation-diff.yaml b/.github/workflows/check-manifest-generation-diff.yaml
index 6334a3c..e0d8107 100644
--- a/.github/workflows/check-manifest-generation-diff.yaml
+++ b/.github/workflows/check-manifest-generation-diff.yaml
@@ -20,7 +20,7 @@ jobs:
       with:
         go-version-file: '${{ github.workspace }}/go.mod'
     - name: Restore Go cache
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: /home/runner/work/_temp/_github_home/go/pkg/mod
         key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
diff --git a/.github/workflows/dispatch-e2e.yaml b/.github/workflows/dispatch-e2e.yaml
index 5d21ee7..5c01af3 100644
--- a/.github/workflows/dispatch-e2e.yaml
+++ b/.github/workflows/dispatch-e2e.yaml
@@ -16,7 +16,7 @@ jobs:
           app_id: ${{ secrets.OCMBOT_APP_ID }}
           private_key: ${{ secrets.OCMBOT_PRIV_KEY }}
       - name: Dispatch e2e test trigger
-        uses: peter-evans/repository-dispatch@v2
+        uses: peter-evans/repository-dispatch@ff45666b9427631e3450c54a1bcbee4d9ff4d7c0
         with:
           token: ${{ steps.generate_token.outputs.token }}
           repository: open-component-model/MPAS
diff --git a/.github/workflows/mend_scan.yaml b/.github/workflows/mend_scan.yaml
index 430fdc8..afb5102 100644
--- a/.github/workflows/mend_scan.yaml
+++ b/.github/workflows/mend_scan.yaml
@@ -41,7 +41,7 @@ jobs:
         go-version-file: '${{ github.workspace }}/go.mod'
 
     - name: 'Setup jq'
-      uses: dcarbone/install-jq-action@v2.1.0
+      uses: dcarbone/install-jq-action@e397bd87438d72198f81efd21f876461183d383a
       with:
         version: '1.7'
 
@@ -171,7 +171,7 @@ jobs:
         fi
         
     - name: Check if PR exists
-      uses: 8BitJonny/gh-get-current-pr@2.2.0
+      uses: 8BitJonny/gh-get-current-pr@08e737c57a3a4eb24cec6487664b243b77eb5e36
       id: pr_exists
       with:
         filterOutClosed: true
@@ -179,7 +179,7 @@ jobs:
         
     - name: Comment Mend Status on PR
       if: ${{ github.event_name != 'schedule' && steps.pr_exists.outputs.pr_found == 'true' }}
-      uses: thollander/actions-comment-pull-request@v2.4.3
+      uses: thollander/actions-comment-pull-request@24bffb9b452ba05a4f3f77933840a6a841d1b32b
       with:
         message: |
           ## Mend Scan Summary: :${{ steps.report.outputs.status }}:
diff --git a/.github/workflows/release-drafter.yaml b/.github/workflows/release-drafter.yaml
index 250f809..9448859 100644
--- a/.github/workflows/release-drafter.yaml
+++ b/.github/workflows/release-drafter.yaml
@@ -15,6 +15,6 @@ jobs:
   update_release_draft:
     runs-on: ubuntu-latest
     steps:
-      - uses: release-drafter/release-drafter@v5
+      - uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index e6736ed..868de8c 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -42,7 +42,7 @@ jobs:
       with:
         go-version-file: '${{ github.workspace }}/go.mod'
     - name: Cache go-build and mod
-      uses: actions/cache@v3
+      uses: actions/cache@v4
       with:
         path: |
           ~/.cache/go-build/
@@ -98,11 +98,11 @@ jobs:
         mkdir -p output
         kustomize build ./config/default > ./output/install.yaml
     - name: Setup Syft
-      uses: anchore/sbom-action/download-syft@7ccf588e3cf3cc2611714c2eeae48550fbc17552 # v0.15.11
+      uses: anchore/sbom-action/download-syft@f325610c9f50a54015d37c8d16cb3b0e2c8f4de0 # v0.18.0
     - name: Setup Cosign
-      uses: sigstore/cosign-installer@v3.5.0
+      uses: sigstore/cosign-installer@c56c2d3e59e4281cc41dea2217323ba5694b171e
     - name: Run goreleaser
-      uses: goreleaser/goreleaser-action@v5
+      uses: goreleaser/goreleaser-action@9ed2f89a662bf1735a48bc8557fd212fa902bebf
       with:
         distribution: goreleaser
         version: latest
diff --git a/.github/workflows/tests.yaml b/.github/workflows/tests.yaml
index 9e79ac4..b04a2f4 100644
--- a/.github/workflows/tests.yaml
+++ b/.github/workflows/tests.yaml
@@ -26,7 +26,7 @@ jobs:
         with:
           go-version-file: '${{ github.workspace }}/go.mod'
       - name: Restore Go cache
-        uses: actions/cache@v3
+        uses: actions/cache@v4
         with:
           path: /home/runner/work/_temp/_github_home/go/pkg/mod
           key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}