diff --git a/.github/workflows/azure-analyze.yaml b/.github/workflows/azure-analyze.yaml
index 03557f8..2d49cad 100644
--- a/.github/workflows/azure-analyze.yaml
+++ b/.github/workflows/azure-analyze.yaml
@@ -38,6 +38,10 @@ jobs:
 - name: Checkout
 uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+ # Install a specific version of Bicep for consistency across CI runs.
+ - name: Install Bicep
+ run: az bicep install --version v0.38.33
+
 # Run analysis by using the PSRule GitHub action.
 - name: Run PSRule analysis
 uses: microsoft/ps-rule@46451b8f5258c41beb5ae69ed7190ccbba84112c # v2.9.0
@@ -46,6 +50,9 @@ jobs:
 outputFormat: Sarif
 outputPath: reports/ps-rule-results.sarif
 summary: true
+ env:
+ # Use Bicep from Azure CLI.
+ PSRULE_AZURE_BICEP_USE_AZURE_CLI: true
 # If you have GitHub Advanced Security you can upload PSRule scan results.
 # Uncomment the next step to use this feature.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 5c0fd35..00b096b 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -45,6 +45,10 @@ jobs:
 with:
 modules: PSRule.Rules.MSFT.OSS
+ # Install a specific version of Bicep for consistency across CI runs.
+ - name: Install Bicep
+ run: az bicep install --version v0.38.33
+
 - name: Check Azure samples
 uses: microsoft/ps-rule@46451b8f5258c41beb5ae69ed7190ccbba84112c # v2.9.0
 with:
@@ -52,6 +56,9 @@ jobs:
 outputFormat: Sarif
 outputPath: reports/ps-rule-results.sarif
 summary: true
+ env:
+ # Use Bicep from Azure CLI.
+ PSRULE_AZURE_BICEP_USE_AZURE_CLI: true
 - name: Upload results to security tab
 uses: github/codeql-action/upload-sarif@f443b600d91635bebf5b0d9ebc620189c0d6fba5 # v3.29.5
diff --git a/ps-rule.lock.json b/ps-rule.lock.json
index 682d430..8d2c896 100644
--- a/ps-rule.lock.json
+++ b/ps-rule.lock.json
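Review bot: The Bicep version `v0.38.33` in the new `Install Bicep` step is a bare literal that this commit now repeats in three places: here, in the identical step added to `.github/workflows/ci.yaml`, and as `AZURE_BICEP_MINIMUM_VERSION: '0.38.33'` in `ps-rule.yaml`. Nothing on the page ties them together, so I would extend the step comment with `# Keep in sync with AZURE_BICEP_MINIMUM_VERSION in ps-rule.yaml.` in both workflows. Also note that the `uses:` lines around it are pinned to a commit SHA, while this step pins the downloaded tool by version tag only; the integrity of the fetched binary then rests on whatever verification `az bicep install` performs, which is worth confirming. The step assumes `az` is available on the runner, which is not visible from this hunk.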
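Review bot: `PSRULE_AZURE_BICEP_USE_AZURE_CLI: true` under the new `env:` key is written as a YAML boolean although environment variables are strings; I would quote it as `PSRULE_AZURE_BICEP_USE_AZURE_CLI: 'true'` so the value does not depend on how the workflow loader stringifies booleans. The same line is added to the `Check Azure samples` step in `.github/workflows/ci.yaml`. With this variable set, the analysis presumably runs the Bicep binary managed by the Azure CLI, so the scan result depends on the `Install Bicep` step having run first in the same job; a short comment saying so would help whoever reorders these steps later.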
@@ -2,8 +2,8 @@
 "version": 1,
 "modules": {
 "PSRule.Rules.Azure": {
- "version": "1.41.3",
- "integrity": "sha512-yvMcfOsu8KWxTxT94ZxiXTYN3wbD4CmsEQpSSjeHGDyJcDKTlSGFW7YC7XW48qEqN0BFi7aTxGfAyM3FAb5vog=="
+ "version": "1.46.0",
+ "integrity": "sha512-JpWngKuESmvPtGRwWTCy4MtS29QvIAo/3ejgGazUX755oXj7Z+Tw7/MXXHzjVlzGIhZ+Lz8WDarElmPJzlmlLQ=="
 }
 }
 }
\ No newline at end of file
diff --git a/ps-rule.yaml b/ps-rule.yaml
index 29d47fc..4a735e6 100644
--- a/ps-rule.yaml
+++ b/ps-rule.yaml
@@ -71,7 +71,7 @@ configuration:
 AZURE_BICEP_CHECK_TOOL: true
 # Configure the minimum version of the Bicep CLI.
- AZURE_BICEP_MINIMUM_VERSION: '0.25.53'
+ AZURE_BICEP_MINIMUM_VERSION: '0.38.33'
 AZURE_DEPLOYMENT_NONSENSITIVE_PARAMETER_NAMES:
 - keys