diff --git a/.github/workflows/update-anchore-dependencies.yml b/.github/workflows/update-anchore-dependencies.yml
index d6abe8753643..15a14869d060 100644
--- a/.github/workflows/update-anchore-dependencies.yml
+++ b/.github/workflows/update-anchore-dependencies.yml
@@ -2,15 +2,10 @@ name: PR to update Anchore dependencies
 on:
   workflow_dispatch:
     inputs:
-      from:
-        description: "Where to pull dependency commits from (branch or 'release')"
-        required: false
-        type: choice
-        options:
-          - "main" # reference commits from the main branch
-          - "auto/integration" # reference commits from a pre-release PR (like from this workflow)
-          - "release" # reference commits from the latest github release
-        default: "main"
+      repos:
+        description: "List of dependencies to update"
+        required: true
+        type: string
 
 permissions:
   contents: read
@@ -28,22 +23,11 @@ jobs:
           tools: false
           bootstrap-apt-packages: ""
 
-      - name: Update Stereoscope
-        id: stereoscope
-        uses: anchore/workflows/.github/actions/update-go-dependency@main
+      - name: Update dependencies
+        id: update
+        uses: anchore/workflows/.github/actions/update-go-dependency@add-dep-update
         with:
-          repo: anchore/stereoscope
-          # note: even if you pass a branch or commit, go tooling will resolve this to a version tag if it exists
-          from: ${{ github.event.inputs.from }}
-
-      - name: Determine draft status
-        id: draft
-        run: |
-          if [ "${{ github.event.inputs.from }}" != "release" ]; then
-             echo "status=always-true" | tee -a $GITHUB_OUTPUT
-          else
-             echo "status=false" | tee -a $GITHUB_OUTPUT
-          fi
+          repos: ${{ github.event.inputs.repos }}
 
       - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a #v2.1.0
         id: generate-token
@@ -55,15 +39,11 @@ jobs:
         with:
           signoff: true
           delete-branch: true
-          draft: ${{ steps.draft.outputs.status }}
+          draft: ${{ steps.update.outputs.draft }}
           # do not change this branch, as other workflows depend on it
           branch: auto/integration
           labels: dependencies,pre-release
           commit-message: "chore(deps): update anchore dependencies"
           title: "chore(deps): update anchore dependencies"
-          body: |
-            ***Using commits from***: ${{ github.event.inputs.from }}
-
-            ## Dependencies changed
-             - Stereoscope: `${{ steps.stereoscope.outputs.original_version }}` ➔ `${{ steps.stereoscope.outputs.resolved_version }}` (**${{ steps.stereoscope.outputs.action }}** from `${{ steps.stereoscope.outputs.source }}`)
+          body: ${{ steps.update.outputs.changelog }}
           token: ${{ steps.generate-token.outputs.token }}
diff --git a/Taskfile.yaml b/Taskfile.yaml
index 5e7f2c000ee8..1fed0f6b6813 100644
--- a/Taskfile.yaml
+++ b/Taskfile.yaml
@@ -17,6 +17,7 @@ vars:
   ORAS: "{{ .TOOL_DIR }}/oras"
   YQ: "{{ .TOOL_DIR }}/yq"
   TASK: "{{ .TOOL_DIR }}/task"
+  GH: "{{ .TOOL_DIR }}/gh"
 
   # used for changelog generation
   CHANGELOG: CHANGELOG.md
@@ -132,6 +133,17 @@ tasks:
       - "{{ .TMP_DIR }}"
     cmd: "mkdir -p {{ .TMP_DIR }}"
 
+  ## Dependency tasks #################################
+
+  update-anchore-deps:
+    desc: Update Anchore dependencies
+    deps: [tools]
+    requires:
+      vars:
+        - FROM
+    cmd: |
+      {{ .GH }} workflow run update-anchore-dependencies.yml -f repos="github.com/anchore/stereoscope@{{ .FROM }}"
+
   ## Static analysis tasks #################################
 
   format: