diff --git a/.github/workflows/docker-buildx-dev.yml b/.github/workflows/docker-buildx-dev.yml
index 4be434b..8df5528 100644
--- a/.github/workflows/docker-buildx-dev.yml
+++ b/.github/workflows/docker-buildx-dev.yml
@@ -15,18 +15,18 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@main
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           ref: ${{ github.ref }}
       -
         name: Set up QEMU
-        uses: docker/setup-qemu-action@v3
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
         with:
           platforms: all
       -
         name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v3
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
         with:
           version: latest
       -
@@ -34,13 +34,13 @@ jobs:
         run: echo ${{ steps.buildx.outputs.platforms }}
       -
         name: Login to DockerHub
-        uses: docker/login-action@v3
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build and push multi-arch dev
-        uses: docker/build-push-action@v6
+        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
         with:
           context: .
           file: ./Dockerfile
diff --git a/.github/workflows/docker-buildx-latest.yml b/.github/workflows/docker-buildx-latest.yml
index 06ac0af..5415b16 100644
--- a/.github/workflows/docker-buildx-latest.yml
+++ b/.github/workflows/docker-buildx-latest.yml
@@ -15,18 +15,18 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           ref: ${{ github.ref }}
       -
         name: Set up QEMU
-        uses: docker/setup-qemu-action@v1
+        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
         with:
           platforms: all
       -
         name: Set up Docker Buildx
         id: buildx
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
         with:
           version: latest
       -
@@ -34,13 +34,13 @@ jobs:
         run: echo ${{ steps.buildx.outputs.platforms }}
       -
         name: Login to DockerHub
-        uses: docker/login-action@v1
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
             username: ${{ secrets.DOCKERHUB_USERNAME }}
             password: ${{ secrets.DOCKERHUB_TOKEN }}
       -
         name: Build and push multi-arch latest
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
         with:
             context: .
             file: ./Dockerfile
diff --git a/.github/workflows/trivy-scan.yml b/.github/workflows/trivy-scan.yml
index 32349e2..52c53f4 100644
--- a/.github/workflows/trivy-scan.yml
+++ b/.github/workflows/trivy-scan.yml
@@ -13,12 +13,12 @@ jobs:
     steps:
       -
         name: Checkout
-        uses: actions/checkout@v4
+        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
         with:
           ref: ${{ github.ref }}
       -
         name: Run Trivy fs vulnerability scanner in fs mode
-        uses: aquasecurity/trivy-action@0.20.0
+        uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # v0.24.0
         with:
           scan-type: 'fs'
           ignore-unfixed: true