diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml
index 80e942810..c22823fbe 100644
--- a/.github/workflows/codeql-analysis.yaml
+++ b/.github/workflows/codeql-analysis.yaml
@@ -19,7 +19,7 @@ jobs:
 
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
diff --git a/.github/workflows/govulncheck.yaml b/.github/workflows/govulncheck.yaml
index 7760c87d8..154dbc25c 100644
--- a/.github/workflows/govulncheck.yaml
+++ b/.github/workflows/govulncheck.yaml
@@ -22,7 +22,7 @@ jobs:
 
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       # Install Go and produce a SARIF report. This fails only when the tool is
       # unable to scan.
diff --git a/.github/workflows/lint.yaml b/.github/workflows/lint.yaml
index 231a86e2d..da3f4f342 100644
--- a/.github/workflows/lint.yaml
+++ b/.github/workflows/lint.yaml
@@ -10,7 +10,7 @@ jobs:
       contents: read
       checks: write
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index ad781ba97..6d3897555 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -10,7 +10,7 @@ jobs:
   go-test:
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
@@ -28,7 +28,7 @@ jobs:
       matrix:
         kubernetes: ['default']
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
@@ -55,7 +55,7 @@ jobs:
       matrix:
         kubernetes: [v1.30, v1.33]
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
@@ -89,7 +89,7 @@ jobs:
       matrix:
         kubernetes: [v1.30, v1.33]
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
@@ -140,7 +140,7 @@ jobs:
       matrix:
         kubernetes: [v1.30, v1.33]
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
 
@@ -211,7 +211,7 @@ jobs:
       - e2e-k3d-chainsaw
       - e2e-k3d-kuttl
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - uses: actions/setup-go@v6
         with: { go-version: stable }
       - uses: actions/download-artifact@v6
diff --git a/.github/workflows/trivy.yaml b/.github/workflows/trivy.yaml
index 696b9717e..53d9f611b 100644
--- a/.github/workflows/trivy.yaml
+++ b/.github/workflows/trivy.yaml
@@ -21,7 +21,7 @@ jobs:
 
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
       - name: Download Trivy
         uses: ./.github/actions/trivy
         env:
@@ -41,7 +41,7 @@ jobs:
 
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       # Trivy needs a populated Go module cache to detect Go module licenses.
       - uses: actions/setup-go@v6
@@ -67,7 +67,7 @@ jobs:
 
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       # Report success only when detected secrets are listed in [.trivyignore.yaml].
       - name: Scan secrets
@@ -89,7 +89,7 @@ jobs:
 
     runs-on: ubuntu-24.04
     steps:
-      - uses: actions/checkout@v5
+      - uses: actions/checkout@v6
 
       # Print any detected secrets or vulnerabilities to the workflow log for
       # human consumption. This step fails only when Trivy is unable to scan.