diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml
index 6b753920e0fa123018f6ac90353db4615c1392d4..29b9723226577a6f2fd4b5fe76452b9784dba85b 100644
--- a/.github/workflows/integration-tests.yml
+++ b/.github/workflows/integration-tests.yml
@@ -73,7 +73,7 @@ jobs:
         run: xcresultparser -q -o cobertura -t ElementX -p $(pwd) fastlane/test_output/IntegrationTests.xcresult > fastlane/test_output/integration-cobertura.xml
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d #v3.1.4
         with:
           fail_ci_if_error: true
           token: ${{ secrets.CODECOV_TOKEN }}
@@ -86,7 +86,7 @@ jobs:
 
       - name: Upload test results to Codecov
         if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@v1
+        uses: codecov/test-results-action@f2dba722c67b86c6caa034178c6e4d35335f6706 #v1.1.0
         continue-on-error: true
         with:
           fail_ci_if_error: false
diff --git a/.github/workflows/pr-build.yml b/.github/workflows/pr-build.yml
index 40ce4cc15f82f9a7119854d2f6ba29e3b5449f46..6caac2c884b972907aad3b0834429ed8d59f7307 100644
--- a/.github/workflows/pr-build.yml
+++ b/.github/workflows/pr-build.yml
@@ -35,7 +35,7 @@ jobs:
           source ci_scripts/ci_common.sh && setup_github_actions_environment
 
       - name: Import signing certificate
-        uses: apple-actions/import-codesign-certs@v3
+        uses: apple-actions/import-codesign-certs@63fff01cd422d4b7b855d40ca1e9d34d2de9427d #v3
         with:
           p12-file-base64: ${{ secrets.ALPHA_CERTIFICATES_P12 }}
           p12-password: ${{ secrets.ALPHA_CERTIFICATES_P12_PASSWORD }}
@@ -52,7 +52,7 @@ jobs:
           BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
 
       - name: Add release notes and Diawi info
-        uses: NejcZdovc/comment-pr@v2
+        uses: NejcZdovc/comment-pr@a423635d183a8259308e80593c96fecf31539c26 #v2.1.0
         with:
           message: |
             :iphone: Scan the QR code below to install the build for this PR. 
diff --git a/.github/workflows/translations-pr.yml b/.github/workflows/translations-pr.yml
index 695344cebc4fb4a956bc052dce446b08f99a7bc1..536c5ba730eae64763ec52e24f89392090287b9e 100644
--- a/.github/workflows/translations-pr.yml
+++ b/.github/workflows/translations-pr.yml
@@ -28,7 +28,7 @@ jobs:
         run: swift run tools generate-sas
 
       - name: Create PR for Translations
-        uses: peter-evans/create-pull-request@v7
+        uses: peter-evans/create-pull-request@271a8d0340265f705b14b6d32b9829c1cb33d45e #v7.0.8
         with:
           token: ${{ secrets.ELEMENT_BOT_TOKEN }}
           commit-message: Translations update
diff --git a/.github/workflows/ui_tests.yml b/.github/workflows/ui_tests.yml
index 5fa202cb6f4f2cf5d0c6d567108ca9ca83cdf4e8..dcf187f559bc98a3821feaceb4b51bb7671a305c 100644
--- a/.github/workflows/ui_tests.yml
+++ b/.github/workflows/ui_tests.yml
@@ -21,7 +21,7 @@ jobs:
       cancel-in-progress: true
 
     steps:
-      - uses: nschloe/action-cached-lfs-checkout@v1
+      - uses: nschloe/action-cached-lfs-checkout@f46300cd8952454b9f0a21a3d133d4bd5684cfc2 #v1.2.3
 
       - uses: actions/cache@v4
         with:
@@ -59,7 +59,7 @@ jobs:
         run: xcresultparser -q -o cobertura -t ElementX -p $(pwd) fastlane/test_output/UITests.xcresult > fastlane/test_output/ui-cobertura.xml
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d #v3.1.4
         with:
           fail_ci_if_error: true
           token: ${{ secrets.CODECOV_TOKEN }}
@@ -72,7 +72,7 @@ jobs:
 
       - name: Upload test results to Codecov
         if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@v1
+        uses: codecov/test-results-action@f2dba722c67b86c6caa034178c6e4d35335f6706 #v1.1.0
         continue-on-error: true
         with:
           fail_ci_if_error: false
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index 81be7193e43c3bd35c72082d9b4c448cc856986f..c672d0c16c2af195ecfab438ccfc4ea725428182 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -19,7 +19,7 @@ jobs:
       cancel-in-progress: true
 
     steps:
-      - uses: nschloe/action-cached-lfs-checkout@v1
+      - uses: nschloe/action-cached-lfs-checkout@f46300cd8952454b9f0a21a3d133d4bd5684cfc2 #v1.2.3
 
       - uses: actions/cache@v4
         with:
@@ -60,7 +60,7 @@ jobs:
           xcresultparser -q -o cobertura -t ElementX -p $(pwd) fastlane/test_output/PreviewTests.xcresult > fastlane/test_output/preview-cobertura.xml
       
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@eaaf4bedf32dbdc6b720b63067d99c4d77d6047d #v3.1.4
         with:
           fail_ci_if_error: true
           token: ${{ secrets.CODECOV_TOKEN }}
@@ -74,7 +74,7 @@ jobs:
 
       - name: Upload test results to Codecov
         if: ${{ !cancelled() }}
-        uses: codecov/test-results-action@v1
+        uses: codecov/test-results-action@f2dba722c67b86c6caa034178c6e4d35335f6706 #v1.1.0
         continue-on-error: true
         with:
           fail_ci_if_error: false
diff --git a/.github/workflows/unit_tests_enterprise.yml b/.github/workflows/unit_tests_enterprise.yml
index 19b8b0595be2b3c7eab611fa3e28e15926abd3ba..5733e35f6105101b6ac54245954b25722767b69a 100644
--- a/.github/workflows/unit_tests_enterprise.yml
+++ b/.github/workflows/unit_tests_enterprise.yml
@@ -22,7 +22,7 @@ jobs:
       cancel-in-progress: true
 
     steps:
-      - uses: nschloe/action-cached-lfs-checkout@v1
+      - uses: nschloe/action-cached-lfs-checkout@f46300cd8952454b9f0a21a3d133d4bd5684cfc2 #v1.2.3
         with:
           submodules: recursive
           token: ${{ secrets.ELEMENT_BOT_TOKEN }}