diff --git a/.builder-image-version.txt b/.builder-image-version.txt
index b668c3b2c..8fc77d0fa 100644
--- a/.builder-image-version.txt
+++ b/.builder-image-version.txt
@@ -1 +1 @@
-1.0.16
+1.0.17
diff --git a/.github/workflows/main-promote-builder-image.yml b/.github/workflows/main-promote-builder-image.yml
index 7a227b816..f0f54df0d 100644
--- a/.github/workflows/main-promote-builder-image.yml
+++ b/.github/workflows/main-promote-builder-image.yml
@@ -10,7 +10,7 @@ jobs:
     name: Promote Latest tag to Caph Builder Image
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/syself/caph-builder:1.0.16
+      image: ghcr.io/syself/caph-builder:1.0.17
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.github_token }}
diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml
index 2fca7790d..ea01ca357 100644
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -23,7 +23,7 @@ jobs:
     if: github.event_name != 'pull_request_target' || !github.event.pull_request.draft
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/syself/caph-builder:1.0.16
+      image: ghcr.io/syself/caph-builder:1.0.17
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.github_token }}
diff --git a/.github/workflows/schedule-scan-image.yml b/.github/workflows/schedule-scan-image.yml
index 26234bc92..756040cc1 100644
--- a/.github/workflows/schedule-scan-image.yml
+++ b/.github/workflows/schedule-scan-image.yml
@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     if: github.repository == 'syself/cluster-api-provider-hetzner'
     container:
-      image: ghcr.io/syself/caph-builder:1.0.16
+      image: ghcr.io/syself/caph-builder:1.0.17
       credentials:
         username: ${{ github.actor }}
         password: ${{ secrets.github_token }}
diff --git a/images/builder/Dockerfile b/images/builder/Dockerfile
index 864538dcf..a373a6019 100644
--- a/images/builder/Dockerfile
+++ b/images/builder/Dockerfile
@@ -19,7 +19,7 @@
 # Install Lychee
 FROM docker.io/library/alpine:3.19.1@sha256:6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0 as lychee
 # update: datasource=github-tags depName=lycheeverse/lychee versioning=semver
-ENV LYCHEE_VERSION="v0.14.3"
+ENV LYCHEE_VERSION="v0.15.1"
 # hadolint ignore=DL3018
 RUN apk add --no-cache curl && \
     curl -L -o /tmp/lychee-${LYCHEE_VERSION}.tgz https://github.com/lycheeverse/lychee/releases/download/${LYCHEE_VERSION}/lychee-${LYCHEE_VERSION}-x86_64-unknown-linux-gnu.tar.gz && \
@@ -30,7 +30,7 @@ RUN apk add --no-cache curl && \
 # Install Golang CI Lint
 FROM docker.io/library/alpine:3.19.1@sha256:6457d53fb065d6f250e1504b9bc42d5b6c65941d57532c072d929dd0628977d0 as golangci
 # update: datasource=github-tags depName=golangci/golangci-lint versioning=semver
-ENV GOLANGCI_VERSION="v1.57.2"
+ENV GOLANGCI_VERSION="v1.58.1"
 WORKDIR /
 # hadolint ignore=DL3018,DL4006
 RUN apk add --no-cache curl && \
@@ -40,7 +40,7 @@ RUN apk add --no-cache curl && \
 FROM docker.io/hadolint/hadolint:v2.12.0-alpine@sha256:7dba9a9f1a0350f6d021fb2f6f88900998a4fb0aaf8e4330aa8c38544f04db42 as hadolint
 
 # Install Trivy
-FROM docker.io/aquasec/trivy:0.50.1@sha256:0aff831cd122c9cc8dbd25fc75974c21cd49ca7c72d522ce11978373f695f55d as trivy
+FROM docker.io/aquasec/trivy:0.51.1@sha256:b5617ed4b09b3b64b9d24bb01083509cf836243ca74e51adb7557de79efdeb46 as trivy
 
 ############################
 # Caph Build Image Base #