diff --git a/.github/workflows/ci-main-pull-request.yml b/.github/workflows/ci-main-pull-request.yml
index 906c8b5..4451aa2 100644
--- a/.github/workflows/ci-main-pull-request.yml
+++ b/.github/workflows/ci-main-pull-request.yml
@@ -56,6 +56,31 @@ on:
 required: false
 type: string
 default: '1.0.0'
+ detect-policy-check-fail-on-severities:
+ description: 'Detect policy check on failure of prior steps, prevents an upload of SBOM or BlackDuck SCA scan if prior steps failed'
+ required: false
+ type: string
+ default: 'ALL'
+ blackduck-break-build:
+ description: 'Break the build if BlackDuck SCA scan finds new high or critical vulnerabilities'
+ required: false
+ type: boolean
+ default: true
+ bridge-break:
+ description: 'Break the build if BlackDuck SCA scan finds new bridge vulnerabilities'
+ required: false
+ type: boolean
+ default: true
+ detect-blackduck-scan-mode:
+ description: 'Mode for BlackDuck SCA scan detection - options include RAPID,STATELESS,INTELLIGENT'
+ required: false
+ type: string
+ default: 'INTELLIGENT'
+ blackducksca_scan_full:
+ description: 'Scan Mode. (true for intelligent scan & false for rapid scan)'
+ required: false
+ type: boolean
+ default: false
 detect-version-source-type: # options include "none" (do not detect), "file", "github-tag" or "github-release"
 description: 'flag to determine how to detect version dynamically'
 required: false
@@ -928,7 +953,7 @@ jobs:
 generate-sbom:
 name: 'Generating SBOM'
 if: ${{ inputs.generate-sbom == true }}
- uses: chef/common-github-actions/.github/workflows/sbom.yml@main
+ uses: chef/common-github-actions/.github/workflows/sbom.yml@chef-19
 needs: ci-build
 secrets: inherit
 with:
diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml
index e957a6c..af43941 100644
--- a/.github/workflows/sbom.yml
+++ b/.github/workflows/sbom.yml
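Review bot: `blackducksca_scan_full` (default `false`, which its own description says means a rapid scan) and `detect-blackduck-scan-mode` (default `'INTELLIGENT'`) select the same scan mode with contradictory defaults, and the underscore key breaks the kebab-case used by every other input in this block; keep one of them, or state in both descriptions which wins when they disagree. The description of `detect-policy-check-fail-on-severities` talks about prior-step failures rather than severities — if it maps to Detect's `detect.policy.check.fail.on.severities` property, something like `description: 'Comma-separated policy-violation severities on which the scan fails (ALL by default)'` would match what the value `'ALL'` actually does. `bridge-break`'s "new bridge vulnerabilities" reads like a copy of the line above it; say what condition breaks the build. The `inputs:` mapping these entries belong to starts before the hunk.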
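Review bot: `sbom.yml@chef-19` still points at a moving branch, so the reusable workflow the `generate-sbom` job runs can change underneath callers without any diff in this repository; the same applies to `ci-main-pull-request.yml@chef-19` in the ci-main-pull-request-stub.yml hunk. If `chef-19` is a release line, a tag or a full commit SHA (`uses: chef/common-github-actions/.github/workflows/sbom.yml@<COMMIT_SHA>`, placeholder) gives a reproducible pin; if tracking the branch is intentional, a comment saying so would stop the next reviewer from raising it again. The job's `with:` block continues past the hunk.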
@@ -202,7 +202,7 @@ jobs:
 # echo "BLACKDUCK_SBOM_API_KEY: ${{ secrets.BLACKDUCK_SBOM_API_KEY }}" no longer used, see BLACKDUCK_SCA_TOKEN
 - name: BlackDuck SBOM scan
- uses: blackduck-inc/black-duck-security-scan@v2.1.1
+ uses: blackduck-inc/black-duck-security-scan@v2.6.0
 continue-on-error: true # Allow pipeline to continue even with policy violations
 env:
 GOPRIVATE: ${{ inputs.go-private-modules }}
diff --git a/.github/workflows/stubs/ci-main-pull-request-stub.yml b/.github/workflows/stubs/ci-main-pull-request-stub.yml
index c92e8c0..6626b2b 100644
--- a/.github/workflows/stubs/ci-main-pull-request-stub.yml
+++ b/.github/workflows/stubs/ci-main-pull-request-stub.yml
@@ -29,7 +29,7 @@ jobs:
 echo "CI main pull request stub version $STUB_VERSION"
 call-ci-main-pr-check-pipeline:
- uses: chef/common-github-actions/.github/workflows/ci-main-pull-request.yml@main
+ uses: chef/common-github-actions/.github/workflows/ci-main-pull-request.yml@chef-19
 secrets: inherit
 permissions:
 id-token: write
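Review bot: `blackduck-inc/black-duck-security-scan@v2.6.0` is a third-party action pinned by a mutable tag, and this is the step that receives the `BLACKDUCK_SCA_TOKEN` credential; pinning to the full-length commit SHA with the version kept in a trailing comment (`uses: blackduck-inc/black-duck-security-scan@<FULL_COMMIT_SHA> # v2.6.0`, placeholder) makes the dependency reproducible and auditable. Separately, the unchanged `continue-on-error: true` on the next line means a scan that fails policy never fails the job, so if the new `blackduck-break-build` input (default `true`) from ci-main-pull-request.yml is forwarded to this workflow it has no effect unless that line is dropped or made conditional, e.g. `continue-on-error: ${{ !inputs.blackduck-break-build }}` — assuming the input reaches this workflow, which the hunk does not show. The step definition continues past the hunk.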