diff --git a/.github/workflows/vulnerability-scan.yaml b/.github/workflows/vulnerability-scan.yaml
index f75c1cef6..9f9187079 100644
--- a/.github/workflows/vulnerability-scan.yaml
+++ b/.github/workflows/vulnerability-scan.yaml
@@ -39,7 +39,7 @@ jobs:
 
       - name: Restore Database
         id: database-restore
-        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        uses: actions/cache/restore@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0
         with:
           key: grype-db-${{ steps.cache.outputs.key }}
           path: ~/.cache/grype/db
@@ -56,7 +56,7 @@ jobs:
 
       - if: ${{ always() && steps.database-restore.outputs.cache-hit != 'true' }}
         name: Cache Database
-        uses: actions/cache/save@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        uses: actions/cache/save@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0
         with:
           key: grype-db-${{ steps.cache.outputs.key }}
           path: ~/.cache/grype/db
@@ -83,7 +83,7 @@ jobs:
           echo "key=$(date -u +'%Y-%m-%d')" >> $GITHUB_OUTPUT
 
       - name: Restore Database
-        uses: actions/cache/restore@27d5ce7f107fe9357f9df03efb73ab90386fccae # v5.0.5
+        uses: actions/cache/restore@2c8a9bd7457de244a408f35966fab2fb45fda9c8 # v6.0.0
         with:
           key: grype-db-${{ steps.cache.outputs.key }}
           path: ~/.cache/grype/db