diff --git a/.github/workflows/_reusable-sbom-scan.yml b/.github/workflows/_reusable-sbom-scan.yml
index 684241e7..5e5c302f 100644
--- a/.github/workflows/_reusable-sbom-scan.yml
+++ b/.github/workflows/_reusable-sbom-scan.yml
@@ -29,7 +29,7 @@ jobs:
         with:
           subject-path: ${{ github.event.repository.name }}-sbom.spdx.json
       - name: Scan SBOM
-        uses: anchore/scan-action@64a33b277ea7a1215a3c142735a1091341939ff5  # v4.1.2
+        uses: anchore/scan-action@49e50b215b647c5ec97abb66f69af73c46a4ca08 # v5.0.1
         id: scan
         with:
           sbom: ${{ github.event.repository.name }}-sbom.spdx.json
@@ -37,7 +37,7 @@ jobs:
           severity-cutoff: low
       - name: Scan SBOM (print results to console)
         if: ${{ always() && contains(fromJSON('["success", "failure"]'), steps.scan.outcome) }}
-        uses: anchore/scan-action@64a33b277ea7a1215a3c142735a1091341939ff5 # v4.1.2
+        uses: anchore/scan-action@49e50b215b647c5ec97abb66f69af73c46a4ca08 # v5.0.1
         with:
           output-format: table
           sbom: ${{ github.event.repository.name }}-sbom.spdx.json