diff --git a/.github/workflows/.ci-build.yml b/.github/workflows/.ci-build.yml
index aa6aaa8..20bee78 100644
--- a/.github/workflows/.ci-build.yml
+++ b/.github/workflows/.ci-build.yml
@@ -74,7 +74,7 @@ jobs:
     timeout-minutes: 600 # default is 360
 
     container:
-      image: ghcr.io/wolfi-dev/sdk:latest@sha256:3014b6aec22ee9434659bfe7cb8dfcd8f61bce1a1f1c92f836be8daa0aa96088
+      image: ghcr.io/wolfi-dev/sdk:latest@sha256:f0c5a904d3a970424329546433348a3607252c8cf629ca9f7a2bff4065ac03c7
       options: |
         --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined
 
diff --git a/advisories-validate/action.yaml b/advisories-validate/action.yaml
index bf00b41..e2e285a 100644
--- a/advisories-validate/action.yaml
+++ b/advisories-validate/action.yaml
@@ -37,7 +37,7 @@ inputs:
 
 runs:
   using: 'docker'
-  image: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:3014b6aec22ee9434659bfe7cb8dfcd8f61bce1a1f1c92f836be8daa0aa96088
+  image: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:f0c5a904d3a970424329546433348a3607252c8cf629ca9f7a2bff4065ac03c7
   entrypoint: wolfictl
   args:
     - adv
diff --git a/build-and-publish-secdb/action.yaml b/build-and-publish-secdb/action.yaml
index d8256d1..49c9bf5 100644
--- a/build-and-publish-secdb/action.yaml
+++ b/build-and-publish-secdb/action.yaml
@@ -61,7 +61,7 @@ runs:
       shell: bash
 
     - name: Build the security database
-      uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:3014b6aec22ee9434659bfe7cb8dfcd8f61bce1a1f1c92f836be8daa0aa96088
+      uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:f0c5a904d3a970424329546433348a3607252c8cf629ca9f7a2bff4065ac03c7
       with:
         entrypoint: wolfictl
         args: ${{ inputs.wolfictl_args }}
diff --git a/build-and-publish-yaml/action.yaml b/build-and-publish-yaml/action.yaml
index 3f3c342..7609c49 100644
--- a/build-and-publish-yaml/action.yaml
+++ b/build-and-publish-yaml/action.yaml
@@ -56,7 +56,7 @@ runs:
       shell: bash
 
     - name: Build the security database
-      uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:3014b6aec22ee9434659bfe7cb8dfcd8f61bce1a1f1c92f836be8daa0aa96088
+      uses: docker://ghcr.io/wolfi-dev/sdk:latest@sha256:f0c5a904d3a970424329546433348a3607252c8cf629ca9f7a2bff4065ac03c7
       with:
         entrypoint: wolfictl
         args: ${{ inputs.wolfictl_args }}
diff --git a/install-wolfictl/action.yaml b/install-wolfictl/action.yaml
index 7b51eb7..7f817d9 100644
--- a/install-wolfictl/action.yaml
+++ b/install-wolfictl/action.yaml
@@ -10,6 +10,6 @@ runs:
       run: |
         # Copy wolfictl out of the wolfictl image and onto PATH
         TMP=$(mktemp -d)
-        docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:3014b6aec22ee9434659bfe7cb8dfcd8f61bce1a1f1c92f836be8daa0aa96088 -c "cp /usr/bin/wolfictl /out"
+        docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:f0c5a904d3a970424329546433348a3607252c8cf629ca9f7a2bff4065ac03c7 -c "cp /usr/bin/wolfictl /out"
         echo "$TMP" >> $GITHUB_PATH
       shell: bash