diff --git a/.github/workflows/codeql-daily.yml b/.github/workflows/codeql-daily.yml
index aec4a913a088..07eb39639286 100644
--- a/.github/workflows/codeql-daily.yml
+++ b/.github/workflows/codeql-daily.yml
@@ -21,8 +21,8 @@ jobs:
     strategy:
       fail-fast: false
 
-    # CodeQL runs on ubuntu-20.04
-    runs-on: ubuntu-20.04
+    # CodeQL runs on ubuntu-24.04
+    runs-on: ubuntu-24.04
     if: github.repository == 'envoyproxy/envoy'
 
     steps:
diff --git a/.github/workflows/codeql-push.yml b/.github/workflows/codeql-push.yml
index 096855400170..f803a6933d9c 100644
--- a/.github/workflows/codeql-push.yml
+++ b/.github/workflows/codeql-push.yml
@@ -30,7 +30,7 @@ jobs:
       # for github/codeql-action/analyze to upload SARIF results
       security-events: write
       pull-requests: read
-    runs-on: ubuntu-20.04
+    runs-on: ubuntu-24.04
     if: github.repository == 'envoyproxy/envoy'
     steps:
     - name: Checkout repository