diff --git a/.github/workflows/deploy-site.yml b/.github/workflows/deploy-site.yml
index 676d6690..d56b29e0 100644
--- a/.github/workflows/deploy-site.yml
+++ b/.github/workflows/deploy-site.yml
@@ -22,11 +22,11 @@ jobs:
     permissions:
       contents: read # to download the repository
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
         with:
           fetch-depth: 0
           persist-credentials: false
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020 # v4
         with:
           node-version: 18
           cache: npm
@@ -38,7 +38,7 @@ jobs:
         run: npm run build
 
       - name: Upload Build Artifact
-        uses: actions/upload-pages-artifact@v3
+        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3
         with:
           path: site/build
 
@@ -60,4 +60,4 @@ jobs:
     steps:
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v4
+        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4
diff --git a/source/docker/Dockerfile b/source/docker/Dockerfile
index 509538e6..7908156e 100644
--- a/source/docker/Dockerfile
+++ b/source/docker/Dockerfile
@@ -1,5 +1,5 @@
 # Multistage build - allows for smaller final images post Python build
-FROM node:23-alpine3.20 AS builder
+FROM node:23-alpine3.20@sha256:78d6e102e0889545bcf80ded837034f485ba7f7ebe09211d0f2d383082a7a047 AS builder
 ARG SERVICE
 
 WORKDIR /usr/src/app
@@ -22,7 +22,7 @@ RUN npm install --production \
     && rm -rf /tmp/*
 
 # Create a slimmer image using the built node_modules
-FROM node:23-alpine3.20
+FROM node:23-alpine3.20@sha256:78d6e102e0889545bcf80ded837034f485ba7f7ebe09211d0f2d383082a7a047
 ARG SERVICE
 
 WORKDIR /usr/src/app
diff --git a/source/tickets-load-tester/Dockerfile b/source/tickets-load-tester/Dockerfile
index d32dd88c..1ed64dd3 100644
--- a/source/tickets-load-tester/Dockerfile
+++ b/source/tickets-load-tester/Dockerfile
@@ -1,9 +1,9 @@
-FROM docker.io/grafana/xk6:latest AS builder
+FROM docker.io/grafana/xk6:latest@sha256:4ef0baa8c724cd1c227d1f7d0e6a9eb8bf6c91e0c31b442903294d01499c2f01 AS builder
 
 # Build the xk6 binary with the required extensions
 RUN xk6 build --with github.com/grafana/xk6-faker@latest
 
-FROM docker.io/library/debian:12-slim
+FROM docker.io/library/debian:12-slim@sha256:67b30a61dc87758f0caf819646104f29ecbda97d920aaf5edc834128ac8493d3
 
 COPY --from=builder /xk6/k6 /usr/bin/k6
 
diff --git a/source/tickets-load-tester/package-lock.json b/source/tickets-load-tester/package-lock.json
index c639d661..06f7eec9 100644
--- a/source/tickets-load-tester/package-lock.json
+++ b/source/tickets-load-tester/package-lock.json
@@ -9,7 +9,7 @@
       "version": "1.0.0",
       "license": "ISC",
       "devDependencies": {
-        "@types/k6": "^1.0.2"
+        "@types/k6": "1.0.2"
       }
     },
     "node_modules/@types/k6": {
diff --git a/source/tickets-load-tester/package.json b/source/tickets-load-tester/package.json
index 59f68d4e..2bd2beff 100644
--- a/source/tickets-load-tester/package.json
+++ b/source/tickets-load-tester/package.json
@@ -10,6 +10,6 @@
   "license": "ISC",
   "description": "",
   "devDependencies": {
-    "@types/k6": "^1.0.2"
+    "@types/k6": "1.0.2"
   }
 }