diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index ba1fdd4de..0f6381563 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -35,7 +35,7 @@ jobs:
           node-version: ${{ matrix.node }}
 
       - name: Setup Maven Action
-        uses: s4u/setup-maven-action@v1.17.0
+        uses: s4u/setup-maven-action@9a27433d289dd99d73851f653607c39d3444e8ba #v1.17.0
         with:
           java-version: ${{ matrix.java }}
           java-distribution: "temurin"
@@ -78,7 +78,7 @@ jobs:
 
       - name: Import GPG Key
         if: ${{ github.ref == 'refs/heads/main' }}
-        uses: crazy-max/ghaction-import-gpg@v6
+        uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.GPG_PASSPHRASE }}
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
index 2e637e7b7..a77154322 100644
--- a/.github/workflows/release-drafter.yml
+++ b/.github/workflows/release-drafter.yml
@@ -28,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       # Drafts your next Release notes as Pull Requests are merged into "main"
-      - uses: release-drafter/release-drafter@v6
+      - uses: release-drafter/release-drafter@3f0f87098bd6b5c5b9a36d49c41d998ea58f9348 # v6
         with:
           config-name: release-drafter.yml
         env:
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 290b34754..9c8424cbf 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -51,7 +51,7 @@ jobs:
         run: sudo apt-get install libxml2-utils
 
       - name: Setup Maven Action
-        uses: s4u/setup-maven-action@v1.17.0
+        uses: s4u/setup-maven-action@9a27433d289dd99d73851f653607c39d3444e8ba #v1.17.0
         with:
           java-version: 17
           java-distribution: "temurin"
diff --git a/.github/workflows/trivy.yml b/.github/workflows/trivy.yml
index e7ac0bae7..575ba74ef 100644
--- a/.github/workflows/trivy.yml
+++ b/.github/workflows/trivy.yml
@@ -19,7 +19,7 @@ jobs:
       uses: actions/checkout@v4
 
     - name: Run Trivy vulnerability scanner in fs mode
-      uses: aquasecurity/trivy-action@0.29.0
+      uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0
       with:
         scan-type: 'fs'
         scan-ref: '.'