diff --git a/.github/workflows/run-trivy.yaml b/.github/workflows/run-trivy.yaml
index 187888538..747b5efc7 100644
--- a/.github/workflows/run-trivy.yaml
+++ b/.github/workflows/run-trivy.yaml
@@ -11,10 +11,10 @@ jobs:
 runs-on: ubuntu-latest
 steps:
 - name: Checkout code
- uses: actions/checkout@v3
+ uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3
 - name: Run Trivy vulnerability scanner in IaC mode
- uses: aquasecurity/trivy-action@0.18.0
+ uses: aquasecurity/trivy-action@062f2592684a31eb3aa050cc61e7ca1451cecd3d # 0.18.0
 with:
 scan-type: config
 hide-progress: false
@@ -26,6 +26,6 @@ jobs:
 scan-ref: infra/terraform
 - name: Upload Trivy scan results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@e56cfd0877b4826be144d11aa31e6c64a55828e9 # v2
 with:
 sarif_file: trivy-results.sarif
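Review bot: The trailing comment on the pinned checkout step names the moving major tag (`# v3`) rather than the exact release the SHA belongs to, so a reader cannot check the 40-character hash against a published release, and update tooling that rewrites the comment has no precise version to start from. The same applies to `# v2` on the upload-sarif step in the second hunk, while the `# 0.18.0` comment on trivy-action is already exact. I would write the comment as the full release tag, e.g. `uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.x.y` with `x.y` replaced by the release this commit was actually cut from. The job definition starts above the hunk, so anything else in it is not reviewed here.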
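Review bot: Pinning upload-sarif to a commit on the `v2` line freezes the workflow on a major version that, as far as I know, upstream has deprecated, and the pin also stops fixes from arriving through the tag as they did before. Since this step publishes scan results to the Security tab, I would pin to a commit from a currently supported major instead. I would also confirm that the repository has an update job for the `github-actions` ecosystem (Dependabot or equivalent), so that all three SHAs in this file get bumped; that config is not visible in this diff. A one-line comment above the first pinned step, such as `# Actions are pinned by commit SHA; bump via the automated update PRs, not by hand`, would document the convention for the next editor.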