diff --git a/.github/workflows/webapp-cd.yml b/.github/workflows/webapp-cd.yml
index 24c7f0c..98906f0 100644
--- a/.github/workflows/webapp-cd.yml
+++ b/.github/workflows/webapp-cd.yml
@@ -32,7 +32,7 @@ jobs:
       image-tag: ${{ steps.meta.outputs.version }}
       image-full: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ steps.meta.outputs.version }}
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Log in to GHCR
         uses: docker/login-action@v3
@@ -66,7 +66,7 @@ jobs:
       security-events: write
       packages: read
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Log in to GHCR
         uses: docker/login-action@v3
         with:
@@ -91,7 +91,7 @@ jobs:
     needs: [build-push, security-scan]
     environment: production
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
 
       - name: Azure Login (OIDC)
         uses: azure/login@v2
diff --git a/.github/workflows/webapp-ci.yml b/.github/workflows/webapp-ci.yml
index 2a5421c..9210250 100644
--- a/.github/workflows/webapp-ci.yml
+++ b/.github/workflows/webapp-ci.yml
@@ -24,7 +24,7 @@ jobs:
   test-backend:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - uses: actions/setup-node@v4
         with:
           node-version: "24"
@@ -40,7 +40,7 @@ jobs:
   test-frontend:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - uses: actions/setup-node@v4
         with:
           node-version: "24"
@@ -57,7 +57,7 @@ jobs:
     permissions:
       security-events: write
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
       - name: Build Docker image
         run: docker build -f Dockerfile.webapp -t agentrc-webapp:test .
       - name: Run Trivy vulnerability scanner