diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
index 913440938..dc5a1f1be 100644
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
@@ -12,7 +12,7 @@ jobs:
   scan:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+    - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
     - name: Scan image with Trivy
       uses: aquasecurity/trivy-action@master
       with: