diff --git a/.github/workflows/backstage-catalog-helper.yml b/.github/workflows/backstage-catalog-helper.yml
new file mode 100644
index 0000000..6a98633
--- /dev/null
+++ b/.github/workflows/backstage-catalog-helper.yml
@@ -0,0 +1,16 @@
+name: Backstage Catalog Info Helper
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: "0 0 * * *"
+
+jobs:
+ update-catalog-info:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Update catalog-info.yaml
+ uses: cds-snc/backstage-catalog-info-helper-action@v0.2.0
+ with:
+ github-app-id: ${{ secrets.SRE_BOT_RW_APP_ID }}
+ github-app-private-key: ${{ secrets.SRE_BOT_RW_APP_PRIVATE_KEY }}
+ github-organization: ${{ github.repository_owner}}
\ No newline at end of file
diff --git a/.github/workflows/export_github_data.yml b/.github/workflows/export_github_data.yml
index 3d37329..941e3ba 100644
--- a/.github/workflows/export_github_data.yml
+++ b/.github/workflows/export_github_data.yml
@@ -2,13 +2,19 @@ name: GitHub repository metadata exporter
 on:
 workflow_dispatch:
 schedule:
- - cron: "0 7 * * *"
+ - cron: "20 7 * * *"
 jobs:
 export-data:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
+ - name: Audit DNS requests
+ uses: cds-snc/dns-proxy-action@main
+ env:
+ DNS_PROXY_FORWARDTOSENTINEL: "true"
+ DNS_PROXY_LOGANALYTICSWORKSPACEID: ${{ secrets.LOG_ANALYTICS_WORKSPACE_ID }}
+ DNS_PROXY_LOGANALYTICSSHAREDKEY: ${{ secrets.LOG_ANALYTICS_WORKSPACE_KEY }}
+ - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 - name: Export Data
 uses: cds-snc/github-repository-metadata-exporter@main
 with:
diff --git a/.github/workflows/ossf-scorecard.yml b/.github/workflows/ossf-scorecard.yml
index 0f8f0d8..c85904f 100644
--- a/.github/workflows/ossf-scorecard.yml
+++ b/.github/workflows/ossf-scorecard.yml
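Review bot: In the new backstage-catalog-helper.yml, `cds-snc/backstage-catalog-info-helper-action@v0.2.0` is referenced by a tag, which can be moved, yet the step receives `secrets.SRE_BOT_RW_APP_PRIVATE_KEY`; the checkout steps touched in this same commit are pinned to full commit SHAs with a version comment. Pin it the same way, `uses: cds-snc/backstage-catalog-info-helper-action@<full-commit-sha> # v0.2.0` (placeholder, resolve the SHA from the release). The same applies to the step added in export_github_data.yml, `uses: cds-snc/dns-proxy-action@main`, which tracks a branch while it is handed the Log Analytics workspace ID and shared key, and which is the audit control for the rest of that job. The new workflow also declares no `permissions:` block; since the action authenticates with the App credentials, a top-level `permissions: {}` would presumably be enough, to be confirmed against the action's documentation.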
@@ -20,12 +20,12 @@ jobs:
 steps:
 - name: "Checkout code"
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+ uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 with:
 persist-credentials: false
 - name: "Run analysis"
- uses: ossf/scorecard-action@b687393d2370bdf6d960ea972ff690c9ed797189
+ uses: ossf/scorecard-action@2fa1e2fa153141e2950c7e1299ed05e2081ead0c
 with:
 results_file: ossf-results.json
 results_format: json
diff --git a/.github/workflows/s3-backup.yml b/.github/workflows/s3-backup.yml
index 5dc6c7a..61e9aab 100644
--- a/.github/workflows/s3-backup.yml
+++ b/.github/workflows/s3-backup.yml
@@ -10,12 +10,12 @@ jobs:
 steps:
 - name: Checkout
- uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
+ uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0
 with:
 fetch-depth: 0 # retrieve all history
 - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@5fd3084fc36e372ff1fff382a39b10d03659f355 # v2.2.0
+ uses: aws-actions/configure-aws-credentials@010d0da01d0b5a38af31e9c3470dbfdabdecca3a # v4.0.1
 with:
 aws-access-key-id: ${{ secrets.AWS_S3_BACKUP_ACCESS_KEY_ID }}
 aws-secret-access-key: ${{ secrets.AWS_S3_BACKUP_SECRET_ACCESS_KEY }}