diff --git a/.github/workflows/java-release.yml b/.github/workflows/java-release.yml
index 3f81eb1..92e9af3 100644
--- a/.github/workflows/java-release.yml
+++ b/.github/workflows/java-release.yml
@@ -32,7 +32,7 @@ jobs:
 
     steps:
       # Checkout the code
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1
         with:
           fetch-depth: 0
 
diff --git a/.github/workflows/semgrep.yml b/.github/workflows/semgrep.yml
index e0227e3..0495d18 100644
--- a/.github/workflows/semgrep.yml
+++ b/.github/workflows/semgrep.yml
@@ -17,7 +17,7 @@ jobs:
       image: returntocorp/semgrep
     if: (github.actor != 'dependabot[bot]')
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
 
       - run: semgrep ci
         env: