diff --git a/.github/workflows/pr-lint.yml b/.github/workflows/pr-lint.yml
index f4f8670..69b52d4 100644
--- a/.github/workflows/pr-lint.yml
+++ b/.github/workflows/pr-lint.yml
@@ -1,18 +1,29 @@
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: PR Lint
+# yamllint disable-line rule:truthy
 on:
 push:
- branches-ignore: [master, main]
- # Remove the line above to run when pushing to master
+ branches: [master, main]
 pull_request:
 branches: [master, main]
-permissions:
- contents: read
- packages: read
- statuses: write
+permissions: read-all
+
+env:
+ TRIVY_SEVERITY: CRITICAL,HIGH
+ DISABLE_LINTERS: GO_GOLANGCI_LINT
 jobs:
- SuperLinter:
- uses: ivuorinen/.github/.github/workflows/pr-lint.yml@main
+ Linter:
+ name: PR Lint
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write # only for delete-branch option
+ issues: write
+ pull-requests: write
+ statuses: write
+
+ steps:
+ - uses: ivuorinen/actions/pr-lint@eb085adfe2779a1c52bfe1b2d0945b6c4241f54e # 25.3.19
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
deleted file mode 100644
index 2055b92..0000000
--- a/.github/workflows/stale.yml
+++ /dev/null
@@ -1,19 +0,0 @@
----
-name: Stale
-
-# yamllint disable-line rule:truthy
-on:
- schedule:
- - cron: "0 8 * * *"
- workflow_call:
- workflow_dispatch:
-
-jobs:
- stale:
- runs-on: ubuntu-latest
- permissions:
- contents: write # only for delete-branch option
- issues: write
- pull-requests: write
- steps:
- - uses: ivuorinen/actions/stale@main
diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml
index e5e2001..4ae2f89 100644
--- a/.github/workflows/sync-labels.yml
+++ b/.github/workflows/sync-labels.yml
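Review bot: The `Linter` job in pr-lint.yml grants `contents: write`, but its comment `# only for delete-branch option` is carried over from the stale workflow this commit deletes and does not say why a lint job needs to write to the repository. Because `push` now fires on `master`/`main`, the job token is write-capable on the default branch, which is more than a linter that only reports needs. If the pinned `pr-lint` action does not commit fixes (its source is not visible here, so confirm), use `contents: read # checkout only`; if it does, replace the comment with the actual reason. The workflow-level `permissions: read-all` is also wider than the `contents: read` / `packages: read` default it replaces and could be narrowed to `contents: read`.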
@@ -1,11 +1,12 @@
 ---
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
 name: Sync labels
+permissions: read-all
+
 # yamllint disable-line rule:truthy
 on:
 push:
- branches:
- - main
 paths:
 - .github/workflows/sync-labels.yml
 - .github/labels.yml
@@ -17,7 +18,8 @@ on:
 jobs:
 SyncLabels:
 permissions:
+ contents: read
 issues: write
 runs-on: ubuntu-latest
 steps:
- - uses: ivuorinen/actions/sync-labels@main
+ - uses: ivuorinen/actions/sync-labels@eb085adfe2779a1c52bfe1b2d0945b6c4241f54e # 25.3.19
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 032082b..e72e6f3 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -19,12 +19,14 @@ jobs:
 go-version-file: 'go.mod'
 - name: Run Go Tests
+ shell: bash
 run: go test -json ./... > go-test-results.json
 - name: Convert JSON to SARIF
 uses: ivuorinen/go-test-sarif@v1
 with:
- test_results: go-test-results.json
+ input_file: go-test-results.json
+ output_file: go-test-results.sarif
 - name: Upload SARIF to GitHub Security Tab
 uses: github/codeql-action/upload-sarif@5f8171a638ada777af81d42b55959a643bb29017 # v3
diff --git a/action.yml b/action.yml
index 0f1c823..3a401fa 100644
--- a/action.yml
+++ b/action.yml
@@ -12,7 +12,7 @@ runs:
 using: 'composite'
 steps:
 - name: Convert Go test results to SARIF
- uses: ivuorinen/go-test-sarif-action@v1
+ uses: ivuorinen/go-test-sarif@v1
 with:
 input_file: ${{ inputs.input_file }}
 output_file: ${{ inputs.output_file }}
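Review bot: In the first sync-labels.yml hunk, removing `branches: - main` from the `push` trigger means the `SyncLabels` job, which holds `issues: write`, now runs on a push to any branch that touches `.github/labels.yml` or the workflow file. If the action applies the labels file from the pushed ref (presumably; the action source is not shown), a feature branch can change the repository's labels before its edit has been reviewed. Unless that is intended, keep the filter next to `paths:`, e.g. `branches: [main]`. The rest of the `on:` block lies between the two hunks and could not be checked.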
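Review bot: In test.yml the new `output_file: go-test-results.sarif` only helps if the upload step's `sarif_file` points at the same path, and that `with:` block is outside this hunk, so it is worth confirming. Separately, the `Run Go Tests` step exits non-zero when a test fails, so unless the convert and upload steps carry `if: always()` (not visible here), exactly the runs with failures never reach the Security tab. Adding `if: always()` to both later steps would keep the job red while still publishing the results.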
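Review bot: The new `uses: ivuorinen/go-test-sarif@v1` in action.yml is a mutable tag, while this same commit pins `pr-lint` and `sync-labels` to a full commit SHA. Every consumer of this composite action inherits whatever `v1` resolves to at run time, so pin it the same way: `uses: ivuorinen/go-test-sarif@<full-commit-sha> # v1`. The unchanged `Convert JSON to SARIF` step in test.yml references the same tag and would benefit from the same pin. If `ivuorinen/go-test-sarif` is the new name of this repository itself, the step would call the action from inside its own definition, so confirm the target is a separate action.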