diff --git a/.github/workflows/build-world.yaml b/.github/workflows/build-world.yaml index cadeeafff2c..914f8bab2bd 100644 --- a/.github/workflows/build-world.yaml +++ b/.github/workflows/build-world.yaml @@ -24,7 +24,7 @@ jobs: # permissions: container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1 # TODO: Deprivilege options: | --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 8e9e1c0a9a3..2db1465890c 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -29,7 +29,7 @@ jobs: contents: read container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1 # TODO: Deprivilege options: | --cap-add NET_ADMIN --cap-add SYS_ADMIN --device /dev/fuse --security-opt seccomp=unconfined --security-opt apparmor:unconfined @@ -142,7 +142,7 @@ jobs: container: # NOTE: This step only signs and uploads, so it doesn't need any privileges - image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1 steps: - uses: actions/checkout@v4 @@ -246,7 +246,7 @@ jobs: container: # NOTE: This step only signs and uploads, so it doesn't need any privileges - image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1 steps: - uses: actions/checkout@v4 
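Review bot: In build.yaml the job at `@@ -142` signs and uploads packages, yet the `- uses: actions/checkout@v4` step right after the digest-pinned image is referenced by a mutable tag, so pinning is inconsistent within the same job. Pinning the action to a full commit SHA would match the image, for example `- uses: actions/checkout@<full-commit-sha> # v4` (placeholder, the SHA is not on this page). The same pattern appears in the `@@ -246` hunk and in lint-world.yaml. The step lists of these jobs continue outside the hunks.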
diff --git a/.github/workflows/ci-build.yaml b/.github/workflows/ci-build.yaml index 1fc9ad765ef..03d65a35b90 100644 --- a/.github/workflows/ci-build.yaml +++ b/.github/workflows/ci-build.yaml @@ -33,7 +33,7 @@ jobs: run: | # Copy wolfictl out of the wolfictl image and onto PATH TMP=$(mktemp -d) - docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41 -c "cp /usr/bin/wolfictl /out" + docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1 -c "cp /usr/bin/wolfictl /out" echo "$TMP" >> $GITHUB_PATH # Assuming that we have a list of changed files such as `foo.yaml` and `bar.yaml`, this @@ -70,7 +70,7 @@ jobs: group: wolfi-builder-${{ matrix.arch }} needs: changes container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1 options: | --cap-add NET_ADMIN --cap-add SYS_ADMIN --security-opt seccomp=unconfined --security-opt apparmor:unconfined outputs: @@ -192,7 +192,7 @@ jobs: name: "ABI Compatibility check" runs-on: ubuntu-latest container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1 needs: build if: needs.build.outputs.packages_were_built == 'true' @@ -231,7 +231,7 @@ jobs: name: "Scan packages for CVEs" runs-on: ubuntu-latest container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1 needs: build if: needs.build.outputs.packages_were_built == 'true' 
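Review bot: The `docker run` line in ci-build.yaml `@@ -33` leaves `$TMP` unquoted, and the following line appends to an unquoted `$GITHUB_PATH`. Quoting both is cheap hardening: `-v "$TMP:/out"` and `echo "$TMP" >> "$GITHUB_PATH"`. The copied `wolfictl` binary lands on the runner's PATH, so later steps execute whatever the new digest contains and the digest is the only integrity check on it. The identical line in withdraw-packages.yaml (`@@ -24`) sits just before the 'Authenticate to Google Cloud' step, so the same applies there. The `run:` block starts outside the hunk in both files.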
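Review bot: The `container:` block in ci-build.yaml `@@ -70` grants `--cap-add NET_ADMIN --cap-add SYS_ADMIN` with `seccomp=unconfined` and `apparmor:unconfined`, but lacks the `# TODO: Deprivilege` marker. build.yaml and build-world.yaml both carry that marker above the same options. Adding `# TODO: Deprivilege` above `options: |` here would keep all three privileged jobs tracked together. Each digest bump changes what runs under those relaxed confinement settings, so the marker is worth having wherever they are used.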
diff --git a/.github/workflows/lint-world.yaml b/.github/workflows/lint-world.yaml index d9551fcfaac..f3d232ca449 100644 --- a/.github/workflows/lint-world.yaml +++ b/.github/workflows/lint-world.yaml @@ -29,7 +29,7 @@ jobs: group: wolfi-os-builder-${{ matrix.arch }} container: - image: ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41 + image: ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1 steps: - uses: actions/checkout@v4 diff --git a/.github/workflows/withdraw-packages.yaml b/.github/workflows/withdraw-packages.yaml index b324b447864..f34ca436782 100644 --- a/.github/workflows/withdraw-packages.yaml +++ b/.github/workflows/withdraw-packages.yaml @@ -24,7 +24,7 @@ jobs: run: | # Copy wolfictl out of the wolfictl image and onto PATH TMP=$(mktemp -d) - docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41 -c "cp /usr/bin/wolfictl /out" + docker run --rm -i -v $TMP:/out --entrypoint /bin/sh ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1 -c "cp /usr/bin/wolfictl /out" echo "$TMP" >> $GITHUB_PATH - name: 'Authenticate to Google Cloud' diff --git a/.github/workflows/wolfictl-check-update.yaml b/.github/workflows/wolfictl-check-update.yaml index 16bbb8cea88..00b38a75456 100644 --- a/.github/workflows/wolfictl-check-update.yaml +++ b/.github/workflows/wolfictl-check-update.yaml @@ -29,7 +29,7 @@ jobs: - name: Check id: check if: ${{ steps.files.outputs.all_changed_files != '' }} - uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:c0ce3a26b4fe886fb2da4bfc32be3472e7ddb76ae7f3463c82f7534b1c867a27 + uses: docker://ghcr.io/wolfi-dev/wolfictl:latest@sha256:b4e251fddf75847e3d93abcd0a9d7edd401a8eb7efde555c48a9ebd9d2c077a8 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} with: 
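Review bot: The `Check` step in wolfictl-check-update.yaml passes `GITHUB_TOKEN` into the image named on the changed `uses:` line. The job's `permissions:` block is not visible in this hunk, so it is worth confirming the token is scoped to what the check needs. A comment above the step would record the intent, for example `# container receives GITHUB_TOKEN; keep job permissions minimal`. This wolfictl digest is also bumped separately from the sdk image, which ships its own `/usr/bin/wolfictl` (copied out in ci-build.yaml), so the two copies may differ in version.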
diff --git a/Makefile b/Makefile index 2a7f4de19af..0e068c04e21 100644 --- a/Makefile +++ b/Makefile @@ -184,7 +184,7 @@ dev-container: -v "${PWD}:${PWD}" \ -w "${PWD}" \ -e SOURCE_DATE_EPOCH=0 \ - ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41 + ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1 PACKAGES_CONTAINER_FOLDER ?= /work/packages TMP_REPOSITORIES_DIR := $(shell mktemp -d) @@ -249,6 +249,6 @@ dev-container-wolfi: --mount type=bind,source="${PWD}/local-melange.rsa.pub",destination="/etc/apk/keys/local-melange.rsa.pub",readonly \ --mount type=bind,source="$(TMP_REPOSITORIES_FILE)",destination="/etc/apk/repositories",readonly \ -w "$(PACKAGES_CONTAINER_FOLDER)" \ - ghcr.io/wolfi-dev/sdk:latest@sha256:75468048eaa142564704993db5a52d82f1660269ea8cb8499b59e16ac6d10b41 + ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1 @rm "$(TMP_REPOSITORIES_FILE)" @rmdir "$(TMP_REPOSITORIES_DIR)"
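Review bot: The full image reference is written out twice in the Makefile, once in `dev-container` (`@@ -184`) and once in `dev-container-wolfi` (`@@ -249`). A bump that misses one target would silently leave the two dev containers on different images. A single variable removes that risk: define `SDK_IMAGE ?= ghcr.io/wolfi-dev/sdk:latest@sha256:110c4bc0a8941606034ee7af12f1197b4a6b6f6434fd4b4bbf61de501e18ffd1` once and use `$(SDK_IMAGE)` as the last argument in both recipes. Both recipes start outside their hunks, so the exact `docker run` invocation should be checked when applying this.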