diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 860e5e1..4c328f8 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -15,7 +15,7 @@ on:
 jobs:
   code-scan:
     name: CodeQL Scan
-    uses: entur/gha-security/.github/workflows/code-scan.yml@v2.11.0
+    uses: entur/gha-security/.github/workflows/code-scan.yml@v2.12.1
     # no secrets necessary
     permissions: # some of these only apply when running on the main branch
       actions: read